ntp (1:4.2.8p15+dfsg-1ubuntu2) jammy; urgency=medium * No-change rebuild to update maintainer scripts, see LP: 1959054 -- Dave Jones Wed, 16 Feb 2022 17:13:02 +0000 ntp (1:4.2.8p15+dfsg-1ubuntu1) jammy; urgency=medium * Merge from Debian unstable, remaining changes: - d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com. - add support for parsing systemd networkd lease files LP: 1717983 + d/ntp.dhcp add support for parsing systemd networkd lease files + d/ntp-systemd-netif.service: service to call hook + d/ntp-systemd-netif.path: respond to lease changes * Dropped changes, included in Debian: - Add Conflict/Replaces/Provides: time-daemon. - debian/rules: add -fcommon flag to CFLAGS * Dropped changes, included upstream: - debian/patches/CVE-2019-8936.patch: Guard against operations on NULL pointer in ntpd/ntp_control.c. * debian/patches/glibc-2.34.patch: compatibility with glibc 2.34. -- Steve Langasek Wed, 08 Dec 2021 11:49:03 -0800 ntp (1:4.2.8p15+dfsg-1) unstable; urgency=medium * Reapply DFSG-cleanup. -- Bernhard Schmidt Wed, 23 Sep 2020 13:46:38 +0200 ntp (1:4.2.8p15-1) unstable; urgency=medium * New upstream version 4.2.8p15 * Build with -fcommon to fix FTBFS with GCC-10 (Closes: #957615) -- Bernhard Schmidt Mon, 21 Sep 2020 23:07:42 +0200 ntp (1:4.2.8p14+dfsg-2) unstable; urgency=medium * Make test-suite non-fatal on ia64 ppc64 ppc64el where it still fails - Also on m68k where we don't know yet due to Bug#931630 * Drop obsolete Breaks+Replaces from pre-oldstable * Add Conflict/Replaces/Provides: time-daemon (Closes: #316549) -- Bernhard Schmidt Tue, 10 Mar 2020 08:38:28 +0100 ntp (1:4.2.8p14+dfsg-1) unstable; urgency=medium * New upstream version 4.2.8p14+dfsg * Drop patches applied upstream * Enable testsuite on all architectures, should be fixed -- Bernhard Schmidt Fri, 06 Mar 2020 19:38:49 +0100 ntp (1:4.2.8p13+dfsg-2) unstable; urgency=medium * Upload new upstream version to unstable * AppArmor: fix path to Samba NTP signing socket (Closes: #928168) -- Bernhard Schmidt Mon, 08 Jul 2019 00:22:04 +0200 ntp (1:4.2.8p13+dfsg-1) experimental; urgency=medium * New upstream version 4.2.8p13+dfsg - CVE-2019-8936: Crafted null dereference attack in authenticated mode 6 packet (Closes: #924228) * ntp: exit 0 from init script if daemon does not exist (Closes: #764546) * Drop locking from ntp initscript/systemd-wrapper * Only delete ntpd statistics files in cronjob (Closes: #772790) -- Bernhard Schmidt Thu, 21 Mar 2019 23:31:10 +0100 ntp (1:4.2.8p12+dfsg-3ubuntu7) jammy; urgency=medium * No-change rebuild against openssl3 -- Simon Chopin Mon, 29 Nov 2021 16:04:04 +0100 ntp (1:4.2.8p12+dfsg-3ubuntu6) impish; urgency=medium * SECURITY UPDATE: Null dereference attack in mode 6 packet (LP: #1891953) - debian/patches/CVE-2019-8936.patch: Guard against operations on NULL pointer in ntpd/ntp_control.c. - CVE-2019-8936 * Fix FTBFS with GCC-10 - debian/rules: add -fcommon flag to CFLAGS -- Brian Morton Fri, 27 Nov 2020 16:10:51 -0500 ntp (1:4.2.8p12+dfsg-3ubuntu4) focal; urgency=medium [ Bernhard Schmidt ] * Add Conflict/Replaces/Provides: time-daemon (Closes: #316549) -- Balint Reczey Thu, 02 Apr 2020 19:37:06 +0200 ntp (1:4.2.8p12+dfsg-3ubuntu3) focal; urgency=medium * No-change rebuild for libevent soname changes. -- Matthias Klose Sat, 19 Oct 2019 19:57:18 +0000 ntp (1:4.2.8p12+dfsg-3ubuntu2) eoan; urgency=medium * No-change upload with strops.h and sys/strops.h removed in glibc. -- Matthias Klose Thu, 05 Sep 2019 11:04:26 +0000 ntp (1:4.2.8p12+dfsg-3ubuntu1) disco; urgency=medium * Merge with Debian unstable (LP: #1806382). Remaining changes: - d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com. - add support for parsing systemd networkd lease files LP: 1717983 + d/ntp.dhcp add support for parsing systemd networkd lease files + d/ntp-systemd-netif.service: service to call hook + d/ntp-systemd-netif.path: respond to lease changes * Dropped Changes (accepted in Debian) - Add PPS support (this is accepted in Debian and only had some readme and example entries left): -- Christian Ehrhardt Mon, 03 Dec 2018 13:05:00 +0100 ntp (1:4.2.8p12+dfsg-3) unstable; urgency=low * Treat testsuite errors as non-fatal on some architectures Fixes FTBFS on ppc64el, ia64, powerpc, ppc64 -- Bernhard Schmidt Fri, 14 Sep 2018 22:31:42 +0200 ntp (1:4.2.8p12+dfsg-2) unstable; urgency=low * Drop ntpdate ifupdown hooks (Closes: #908286) These have been a constant source of problems and one-shot syncs are not a proper solution for timekeeping. See ntpdate.NEWS for details * Do not install /var/lib/ntpdate, not used anymore * Drop maintscript snippets for upgrading from versions prior to Jessie * Reenable unittest - disable always failing test-decodenetnum with a patch * Set Rules-Requires-Root: no -- Bernhard Schmidt Thu, 13 Sep 2018 23:16:11 +0200 ntp (1:4.2.8p12+dfsg-1) unstable; urgency=medium [ Bernhard Schmidt ] * New upstream version 4.2.8p12 * Update Maintainer address to ntp@packages.debian.org (Closes: #899940) * Update ntpdate.8 from ntpdate.html (Closes: #476491, #515246) [ Peter Eisentraut ] * Remove Peter Eisentraut from Uploaders -- Bernhard Schmidt Thu, 16 Aug 2018 22:20:29 +0200 ntp (1:4.2.8p11+dfsg-1ubuntu1) cosmic; urgency=medium * Merge with Debian unstable (LP: #1773921). Remaining changes: - d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com. - Add PPS support (LP 1512980): + debian/README.Debian: Add a PPS section to the README.Debian + debian/ntp.conf: Add some PPS configuration examples from the offical documentation. - d/ntp.dhcp add support for parsing systemd networkd lease files LP 1717983 * Dropped Changes (accepted in Debian) - d/ntp-systemd-wrapper protect systemd service startup from concurrent ntpdate processes the same way it was protected on sysv-init (LP 1706818) - debian/apparmor-profile: add attach_disconnected which is needed in some cases to let ntp report its log messages (LP 1727202). - debian/apparmor-profile: avoid denies to to arg checks (LP 1741227) - fix apparmor denial when checking for running ntpdate (LP 1749389) -- Christian Ehrhardt Tue, 29 May 2018 10:34:11 +0200 ntp (1:4.2.8p11+dfsg-1) unstable; urgency=medium * New upstream version 4.2.8p11+dfsg (Closes: #851096) - Refresh patches - Drop ntpd-increase-stack-size included upstream - CVE-2018-7185: Unauthenticated packet can reset authenticated interleaved association (LOW/MED) - CVE-2018-7184: Interleaved symmetric mode cannot recover from bad state (LOW/MED) - CVE-2018-7170 / CVE-2016-1549: Provide a way to prevent authenticated symmetric passive peering (LOW) - CVE-2018-7183: decodearr() can write beyond its 'buf' limits (Medium) - CVE-2018-7182: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak (Info/Medium) - CVE-2016-1549: Sybil vulnerability: ephemeral association attack (mitigated in 4.2.8p7) * convert dfsg.sh into mk-origtargz script * Run wrap-and-sort * Sync AppArmor profile changes from Ubuntu, including a fix for a harmless AppArmor denial in /usr/local (Closes: #883022) * Don't chown in postinst recursively. Thanks to Daniel Kahn Gillmor (Closes: #889488) * Build sntp against system libevent * Drop versioned build-deps already fulfilled by oldoldstable -- Bernhard Schmidt Sun, 25 Mar 2018 23:52:51 +0200 ntp (1:4.2.8p10+dfsg-6) unstable; urgency=medium * Make sntp KoD path FHS-compliant. Thanks to Aaron Smith (Closes: #863873) * Drop historic Breaks/Pre-Depends * Drop historic conffile handling from pre-jessie * Adjust ntpdate description stating that it is deprecated * Move Vcs-* to salsa * Bump Standards-Version to 4.1.3.0, no changes necessary * Cherry-pick patch from upstream to increase stack size. Thanks to Frederic Endner-Dühr for testing (Closes: #887385) * Temporarily add ntpdate lock for systemd wrapper. Thanks to Christian Ehrhardt (Closes: #874540) * Add note about AppArmor tunable in README.Debian (Closes: #883949) -- Bernhard Schmidt Wed, 24 Jan 2018 22:42:13 +0100 ntp (1:4.2.8p10+dfsg-5ubuntu7) bionic; urgency=medium * fix apparmor denial when checking for running ntpdate (LP: 1749389) -- Christian Ehrhardt Wed, 14 Feb 2018 09:23:36 +0100 ntp (1:4.2.8p10+dfsg-5ubuntu6) bionic; urgency=high * No change rebuild against openssl1.1. -- Dimitri John Ledkov Mon, 05 Feb 2018 16:51:21 +0000 ntp (1:4.2.8p10+dfsg-5ubuntu5) bionic; urgency=medium * debian/apparmor-profile: avoid denies to to arg checks (LP: #1741227) -- Christian Ehrhardt Thu, 04 Jan 2018 14:20:53 +0100 ntp (1:4.2.8p10+dfsg-5ubuntu4) bionic; urgency=medium * debian/apparmor-profile: add attach_disconnected which is needed in some cases to let ntp report its log messages (LP: #1727202). -- Christian Ehrhardt Wed, 13 Dec 2017 16:31:30 +0100 ntp (1:4.2.8p10+dfsg-5ubuntu3) artful; urgency=medium * d/ntp.dhcp add support for parsing systemd networkd lease files LP: #1717983 -- Dimitri John Ledkov Tue, 03 Oct 2017 01:54:33 +0100 ntp (1:4.2.8p10+dfsg-5ubuntu2) artful; urgency=medium * d/ntp-systemd-wrapper protect systemd service startup from concurrent ntpdate processes the same way it was protected on sysv-init (LP: #1706818) -- Christian Ehrhardt Tue, 05 Sep 2017 15:09:08 +0200 ntp (1:4.2.8p10+dfsg-5ubuntu1) artful; urgency=medium * Merge with Debian unstable (LP: #1604010). Remaining changes: - d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com. - Add PPS support (LP 1512980): + debian/README.Debian: Add a PPS section to the README.Debian, removed all PPSkit one. + debian/ntp.conf: Add some configuration examples from the offical documentation. * Drop Changes (contribs accepted in Debian): - Apparmor bits not yet accepted in Debian + d/apparmor-profile add samba winbindd pipe (LP 1582767) - Fix ntpdate-debian to be able to parse new config of ntp (LP 1576698) - d/rules: enable debugging - d/rules, d/ntp.dirs, d/source_ntp.py: Add apport hook. + d/source_ntp.py: includes a filter on AppArmor profile names to prevent false positives from denials originating in other packages -- Christian Ehrhardt Wed, 21 Jun 2017 16:17:38 +0200 ntp (1:4.2.8p10+dfsg-5) unstable; urgency=medium * Fix arch:all FTBFS due to improper moving of sntp manpage (Closes: #865227) -- Bernhard Schmidt Tue, 20 Jun 2017 09:01:07 +0200 ntp (1:4.2.8p10+dfsg-4) unstable; urgency=medium Upload changes tested in experimental to unstable * Build system/packaging changes - Update to debhelper sequencer, compat level 10 - Bump Standards Version, no changes necessary - Build ntp reproducibly. Thanks to Reiner Herrmann (Closes: #828989) - Use 'debian' location file (Closes: #852946) - Install upstream manpages where available (Closes: #794182, #806645, #803709, #805325) - Re-enable Debugging (Closes: #643954) * Build sntp (Closes: #793837) - Split sntp into new binary package * Add systemd unit (Closes: #635752) + Documentation fixes - Fix spelling error in cron.daily/ntp (Closes: #739942) - Fix outdated path/package name in README.Debian (Closes: #806647) * Use tzdata leapfile in default configuration. Thanks to Edmund Grimley Evans (Closes: #858548) - add trigger to restart ntp on leapfile updates * Changes from Ubuntu, thanks to Christian Ehrhardt - apparmor: Allow access to winbindd pipe (Closes: #861727) - add apport hook (Closes: #861730) * Set --home in adduser to resolve lintian error * mark ntp-doc Multi-Arch: foreign -- Bernhard Schmidt Sat, 17 Jun 2017 21:51:57 +0200 ntp (1:4.2.8p10+dfsg-3) unstable; urgency=medium * No-change upload to supersede accidental upload of experimental to unstable -- Bernhard Schmidt Sun, 07 May 2017 23:04:52 +0200 ntp (1:4.2.8p10+dfsg-2) unstable; urgency=medium * Support pool statement in ntpdate-debian (Closes: #854432, #823120) * Point Vcs-* to pkg-ntp git repository * Add Bernhard Schmidt to Uploaders -- Bernhard Schmidt Sun, 07 May 2017 14:49:22 +0200 ntp (1:4.2.8p10+dfsg-1ubuntu1) artful; urgency=medium * Merge from Debian testing. Remaining changes: + d/rules: enable debugging + d/rules, d/ntp.dirs, d/source_ntp.py: Add apport hook. - d/source_ntp.py: includes a filter on AppArmor profile names to prevent false positives from denials originating in other packages + d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com. + Fix ntpdate-debian to be able to parse new config of ntp + PPS Documentation: - d/README.Debian: Add a PPS section to the README.Debian, removed all PPSkit one. - d/ntp.conf: Add some configuration examples from the offical documentation. + Apparmor bits not yet accepted in Debian - d/apparmor-profile add samba winbindd pipe * Drop Changes: + d/control: Add bison to Build-Depends (for ntpd/ntp_parser.y); dropped as this was only needed while CVE delta was in place that needed ntpd/ntp_parser.[ch] regenerated from ntpd/ntp_parser.y + d/control: Add Suggests on apparmor; drop delta as this is not strictly needed. + Create etc/apparmor.d/{force-complain,tunables}/; force-complain is not used and tunables is handled by the install -D in debian/rules + d/ntpdate.if-up: Fix interaction with openntpd. Stop ntp before running ntpdate when an interface comes up, then start again afterwards; dropping because this actually was a bad workaround to restart ntpd often in case it didn't find its peers when starting initially with many follow on fixes and follow on bugs around. + d/ntp.init don't use /var/lib/ntp/ntp.conf.dhcp if /etc/ntp.conf is newer, it can get stale. Patch by Simon Déziel. (refreshed to apply to new path /run/ntp.conf.dhcp); fixed in Debian by bug 600661 + d/ntp.init: Only stop when entering single user mode; that change is a no-op in systemd environments so it can be dropped -- Christian Ehrhardt Tue, 02 May 2017 16:24:56 +0200 ntp (1:4.2.8p10+dfsg-1) unstable; urgency=high * New upstream version - Fix security issues * Update openssl-disable-check.patch -- Kurt Roeckx Wed, 22 Mar 2017 21:53:40 +0100 ntp (1:4.2.8p9+dfsg-2.1) unstable; urgency=medium * Non-maintainer upload. * Force program locations to use 'legacy' defaults (Closes: #851803) -- Daniel Silverstone Sat, 28 Jan 2017 11:58:18 +0000 ntp (1:4.2.8p9+dfsg-2ubuntu1) zesty; urgency=medium * Merge from Debian testing. Remaining changes (LP: #427775): + d/rules: enable debugging + d/rules, d/ntp.dirs, d/source_ntp.py: Add apport hook. + d/ntpdate.if-up: Fix interaction with openntpd. Stop ntp before running ntpdate when an interface comes up, then start again afterwards. + d/ntp.init: Only stop when entering single user mode + d/ntp.init don't use /var/lib/ntp/ntp.conf.dhcp if /etc/ntp.conf is newer, it can get stale. Patch by Simon Déziel. (refreshed to apply to new path /run/ntp.conf.dhcp) + d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com. + d/control: Add bison to Build-Depends (for ntpd/ntp_parser.y). + Fix ntpdate-debian to be able to parse new config of ntp + Add PPS support: - d/README.Debian: Add a PPS section to the README.Debian, removed all PPSkit one. - d/ntp.conf: Add some configuration examples from the offical documentation. + Add Apparmor bits not yet accepted in Debian - d/control: Add Suggests on apparmor. - d/source_ntp.py: Add filter on AppArmor profile names to prevent false positives from denials originating in other packages - d/apparmor-profile add samba winbindd pipe - Create etc/apparmor.d/{force-complain,tunables}/ * Drop Changes: + SECURITY UPDATE: NTP statsdir cleanup cronjob insecure (was accepted in Debian). + d/control: different conflicts/replaces versions on apparmor (was a dependency on a higher apparmor version, but today all releases are newer) -- Christian Ehrhardt Thu, 01 Dec 2016 15:40:22 +0100 ntp (1:4.2.8p9+dfsg-2) unstable; urgency=medium * CVE-2016-0727: NTP statsdir cleanup cronjob insecure (Closes: #839998) Patch by Salvatore Bonaccorso . Patch was dropped in 1:4.2.8p9+dfsg-1. -- Kurt Roeckx Mon, 21 Nov 2016 20:09:17 +0100 ntp (1:4.2.8p9+dfsg-1) unstable; urgency=medium * New usptream version - Adds OpenSSL 1.1.0 support (Closes: #828461) - Fix CVE-2016-9311 - Fix CVE-2016-9310 - Fix CVE-2016-7427 - Fix CVE-2016-7428 - Fix CVE-2016-9312 - Fix CVE-2016-7431 - Fix CVE-2016-7434 - Fix CVE-2016-7429 - Fix CVE-2016-7426 - Fix CVE-2016-7433 * Update watch for new version specific URL. Patch from Nicholas Luedtke (Closes: #823269) * Make ntpdate-debian use the DHCP servers. Patch from Christian Ehrhardt (Closes: #617965) * Move dhcp temporary files from /var/lib to /run. (Closes: #600661) * Wait for ntp to die in the stop target. Patch from Christoph Biedl (Closes: #802040) -- Kurt Roeckx Mon, 21 Nov 2016 19:30:02 +0100 ntp (1:4.2.8p8+dfsg-1ubuntu2) yakkety; urgency=medium * Fix ntpdate-debian to be able to parse new config of ntp (LP: #1576698) -- Christian Ehrhardt Fri, 26 Aug 2016 15:11:15 +0200 ntp (1:4.2.8p8+dfsg-1ubuntu1) yakkety; urgency=medium [ Christian Ehrhardt ] * Merge from Debian testing. Remaining changes: + debian/rules: enable debugging. Asked debian to add this in bug #643954. + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport hook. + debian/control: Add Suggests on apparmor. + debian/source_ntp.py: Add filter on AppArmor profile names to prevent false positives from denials originating in other packages + debian/ntpdate.if-up: Fix interaction with openntpd. Stop ntp before running ntpdate when an interface comes up, then start again afterwards. + debian/ntp.init, debian/rules: Only stop when entering single user mode, don't use /var/lib/ntp/ntp.conf.dhcp if /etc/ntp.conf is newer - it can get stale. Patch by Simon Déziel. + debian/ntp.conf, debian/ntpdate.default: Change default server to ntp.ubuntu.com. + debian/control: Add bison to Build-Depends (for ntpd/ntp_parser.y). + Extend PPS support - debian/README.Debian: Add a PPS section to the README.Debian - debian/ntp.conf: Add some configuration examples from the offical documentation. + SECURITY UPDATE: NTP statsdir cleanup cronjob insecure (LP: #1528050) - debian/ntp.cron.daily: fix security issues, patch thanks to halfdog! - CVE-2016-0727 + Merge also contains an upstream fix that solves (LP: #1567540) * Added changes + match Ubuntu packages now that Debian has ntp apparmor accepted in d/control for Apparmor conflicts/replaces + d/apparmor-profile add samba winbindd pipe (LP: #1582767) * Drop Changes: + Add enforcing AppArmor profile (accepted in Debian): - debian/control: Add Conflicts/Replaces on apparmor-profiles. - debian/control: Add Suggests on apparmor. - debian/control: Build-Depends on dh-apparmor. - add debian/apparmor-profile*. - debian/ntp.dirs: Add apparmor directories. - debian/rules: Install apparmor-profile and apparmor-profile.tunable. - debian/source_ntp.py: Add filter on AppArmor profile names to prevent false positives from denials originating in other packages. - debian/README.Debian: Add note on AppArmor. + Add PPS support (accepted in Debian) - debian/control: Add Build-Depends on pps-tools + debian/apparmor-profile: allow 'rw' access to /dev/pps[0-9]* devices. + d/p/fix_local_sync.patch: fix local clock sync (fixed upstream) + debian/patches/ntpdate-fix-lp1526264.patch (fixed upstream): - Add Alfonso Sanchez-Beato's patch for fixing the cannot correct dates in the future bug + debian/apparmor-profile: adjust to handle AF_UNSPEC with dgram and stream + dropping previous ubuntu security patches/fixes that have been upstreamed in 4.2.8p6: CVE-2015-7973, CVE-2015-7975, CVE-2015-7976, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8158 + dropping previous ubuntu security patches/fixes that have been upstreamed in 4.2.8p7: CVE-2016-1548, CVE-2016-1550, CVE-2016-2516, CVE-2016-2518, CVE-2015-7974, CVE-2016-1547 [ Robie Basak ] * Restore AppArmor entries in debian/ntp.dirs. -- Christian Ehrhardt Fri, 29 Jul 2016 12:42:43 +0200 ntp (1:4.2.8p8+dfsg-1) unstable; urgency=high * New usptream version - Fixes security issues -- Kurt Roeckx Tue, 07 Jun 2016 22:29:17 +0200 ntp (1:4.2.8p7+dfsg-4) unstable; urgency=high * Update apparmor-profiles-extra again now we now in which version they removed it. * Call dh_apparmor. Add build-depends on dh-apparmor. (Closes: #824767) -- Kurt Roeckx Thu, 19 May 2016 20:44:08 +0200 ntp (1:4.2.8p7+dfsg-3) unstable; urgency=medium [ Hideki Yamane ] * Properly enable Apparmor profile from Ubuntu (Closes: #823024) Patch from Hideki Yamane * Update replace/breaks versions of apparmor-profiles-extra (Closes: #805183) -- Kurt Roeckx Sat, 30 Apr 2016 12:14:14 +0200 ntp (1:4.2.8p7+dfsg-2) unstable; urgency=medium * Only build-depend on pps-tools on Linux -- Kurt Roeckx Fri, 29 Apr 2016 18:32:39 +0200 ntp (1:4.2.8p7+dfsg-1) unstable; urgency=medium * New upstream version This might fix a few CVEs. * Drop CVE-2015-5300.patch and CVE-2015-7704.patch now claimed to be fixed upstream. * Remove Bdale from uploaders (Closes: #804377) * Remove section about patching the kernel for PPS support, it's already included in the kernel (Closes: #811171) * Pass --build and --host to configure. (Closes: #315935) Patch from Helmut Grohne * Missing Build-Depends libopts25-dev (which is not implicit in autogen, because autogen is M-A:foreign). Patch from Helmut Grohne * Fix ntp.dhcp to also check for pool and better handle spaces and tabs. (Closes: #809344, #806676) * Change watch file to use https (Closes: #793926) * Hook into NetworkManager to update ntp servers from dhcp. (Closes: #778415). Patch from Helmut Grohne * Build Depend on pps-tools (Closes: #691672) * Don't run ntpdate when method is none. Patch from Dmitry Borisyuk * Also use flock to in the ntp init script, and update the lock file location. (Closes: #806556) * Move apparmor profile from apparmor-profiles-extra. Add Breaks/Replaces. (Closes: #805183) -- Kurt Roeckx Sun, 24 Jan 2016 22:57:40 +0100 ntp (1:4.2.8p4+dfsg-3ubuntu6) yakkety; urgency=medium * SECURITY UPDATE: Deja Vu replay attack on authenticated broadcast mode - debian/patches/CVE-2015-7973.patch: improve timestamp verification in include/ntp.h, ntpd/ntp_proto.c. - CVE-2015-7973 * SECURITY UPDATE: impersonation between authenticated peers - debian/patches/CVE-2015-7974.patch: check key ID in ntpd/ntp_proto.c. - CVE-2015-7974 * SECURITY UPDATE: ntpq buffer overflow - debian/patches/CVE-2015-7975.patch: add length check to ntpq/ntpq.c. - CVE-2015-7975 * SECURITY UPDATE: ntpq saveconfig command allows dangerous characters in filenames - debian/patches/CVE-2015-7976.patch: check filename in ntpd/ntp_control.c. - CVE-2015-7976 * SECURITY UPDATE: restrict list denial of service - debian/patches/CVE-2015-7977-7978.patch: improve restrict list processing in ntpd/ntp_request.c. - CVE-2015-7977 - CVE-2015-7978 * SECURITY UPDATE: authenticated broadcast mode off-path denial of service - debian/patches/CVE-2015-7979.patch: add more checks to ntpd/ntp_proto.c. - CVE-2015-7979 - CVE-2016-1547 * SECURITY UPDATE: Zero Origin Timestamp Bypass - debian/patches/CVE-2015-8138.patch: check p_org in ntpd/ntp_proto.c. - CVE-2015-8138 * SECURITY UPDATE: potential infinite loop in ntpq - debian/patches/CVE-2015-8158.patch: add time checks to ntpdc/ntpdc.c, ntpq/ntpq.c. - CVE-2015-8158 * SECURITY UPDATE: NTP statsdir cleanup cronjob insecure (LP: #1528050) - debian/ntp.cron.daily: fix security issues, patch thanks to halfdog! - CVE-2016-0727 * SECURITY UPDATE: time spoofing via interleaved symmetric mode - debian/patches/CVE-20xx-xxxx.patch: check for bogus packets in ntpd/ntp_proto.c. - CVE-2016-1548 * SECURITY UPDATE: buffer comparison timing attacks - debian/patches/CVE-2016-1550.patch: use CRYPTO_memcmp in libntp/a_md5encrypt.c, sntp/crypto.c. - CVE-2016-1550 * SECURITY UPDATE: DoS via duplicate IPs on unconfig directives - debian/patches/CVE-2016-2516.patch: improve logic in ntpd/ntp_request.c. - CVE-2016-2516 * SECURITY UPDATE: denial of service via crafted addpeer - debian/patches/CVE-2016-2518.patch: check mode value in ntpd/ntp_request.c. - CVE-2016-2518 -- Marc Deslauriers Wed, 01 Jun 2016 08:38:07 -0400 ntp (1:4.2.8p4+dfsg-3ubuntu5) xenial; urgency=medium * debian/apparmor-profile: allow 'rw' access to /dev/pps[0-9]* devices. Patch thanks to Mark Shuttleworth. (LP: #1564832) -- Jamie Strandboge Thu, 07 Apr 2016 15:12:41 -0500 ntp (1:4.2.8p4+dfsg-3ubuntu4) xenial; urgency=medium * d/p/fix_local_sync.patch: fix local clock sync (LP: #1558125). -- Pierre-André MOREY Thu, 17 Mar 2016 10:42:44 +0100 ntp (1:4.2.8p4+dfsg-3ubuntu3) xenial; urgency=medium * debian/patches/ntpdate-fix-lp1526264.patch: - Add Alfonso Sanchez-Beato's patch for fixing the cannot correct dates in the future bug (LP: #1526264) -- Łukasz 'sil2100' Zemczak Wed, 24 Feb 2016 12:29:32 +0100 ntp (1:4.2.8p4+dfsg-3ubuntu2) xenial; urgency=medium * debian/apparmor-profile: adjust to handle AF_UNSPEC with dgram and stream -- Jamie Strandboge Wed, 17 Feb 2016 10:41:20 -0600 ntp (1:4.2.8p4+dfsg-3ubuntu1) xenial; urgency=medium * Merge from Debian testing. Remaining changes: + debian/rules: enable debugging. Ask debian to add this. + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport hook. + Add enforcing AppArmor profile: - debian/control: Add Conflicts/Replaces on apparmor-profiles. - debian/control: Add Suggests on apparmor. - debian/control: Build-Depends on dh-apparmor. - add debian/apparmor-profile*. - debian/ntp.dirs: Add apparmor directories. - debian/rules: Install apparmor-profile and apparmor-profile.tunable. - debian/source_ntp.py: Add filter on AppArmor profile names to prevent false positives from denials originating in other packages. - debian/README.Debian: Add note on AppArmor. + debian/ntpdate.if-up: Fix interaction with openntpd. Stop ntp before running ntpdate when an interface comes up, then start again afterwards. + debian/ntp.init, debian/rules: Only stop when entering single user mode, don't use /var/lib/ntp/ntp.conf.dhcp if /etc/ntp.conf is newer - it can get stale. Patch by Simon Déziel. + debian/ntp.conf, debian/ntpdate.default: Change default server to ntp.ubuntu.com. + debian/control: Add bison to Build-Depends (for ntpd/ntp_parser.y). * Includes fix for requests with source ports < 123, fixed upstream in 4.2.8p1 (LP: #1479652). * Add PPS support (LP: #1512980): + debian/README.Debian: Add a PPS section to the README.Debian, removed all PPSkit one. + debian/ntp.conf: Add some configuration examples from the offical documentation. + debian/control: Add Build-Depends on pps-tools * Drop Changes: + debian/rules: Update config.{guess,sub} for AArch64, because upstream use dh_autoreconf now. + debian/{control,rules}: Add and enable hardened build for PIE. Upstream use fPIC. Options -fPIC and -fPIE are uncompatible, thus this is never applied, (cf. dpkg-buildflags manual), checked with Marc Deslauriers on freenode #ubuntu-hardened, 2016-01-20~13:11 UTC. + debian/rules: Remove update-rcd-params in dh_installinit command. When setting up ntp package, the following message is presented to the user due to deprecated use: "update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults". The defaults are taken from the init.d script LSB comment header, which contain what we need anyway. + debian/rules: Remove ntp/ntp_parser.{c,h} or they don't get properly regenerated for some reason. Seems to have been due to ntpd/ntp_parser.y patches from CVE-2015-5194 and CVE-2015-5196, already upstreamed. + debian/ntpdate.if-up: Drop lockfile mechanism as upstream is using flock now. + Remove natty timeframe old deltas (transitional code not needed since Trusty): Those patches were for an incorrect behaviour of system-tools-backend, around natty time (https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/83604/comments/23) - debian/ntpdate-debian: Disregard empty ntp.conf files. - debian/ntp.preinst: Remove empty /etc/ntp.conf on fresh intallation. + debian/ntp.dhcp: Rewrite sed rules. This was done incorrectly as pointed out in LP 575458. This decision is explained in detail there. * All previous ubuntu security patches/fixes have been upstreamed: + CVE-2015-5146, CVE-2015-5194, CVE-2015-5195, CVE-2015-5196, CVE-2015-7703, CVE-2015-5219, CVE-2015-5300, CVE-2015-7691, CVE-2015-7692, CVE-2015-7702, CVE-2015-7701, CVE-2015-7704, CVE-2015-7705, CVE-2015-7850, CVE-2015-7852, CVE-2015-7853, CVE-2015-7855, CVE-2015-7871, CVE-2015-1798, CVE-2015-1799, CVE-2014-9297, CVE-2014-9298, CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296 + Fix to ignore ENOBUFS on routing netlink socket + Fix use-after-free in routing socket code + ntp-keygen infinite loop or lack of randonmess on big endian platforms -- Pierre-André MOREY Fri, 5 Feb 2016 18:28:52 +0100 ntp (1:4.2.8p4+dfsg-3) unstable; urgency=medium * Remove rlimit memlock from default config file, the default is now to no longer lock. (Closes: #793745) * Really properly fix CVE-2015-7704, thanks to Miroslav Lichvar -- Kurt Roeckx Thu, 22 Oct 2015 20:44:44 +0200 ntp (1:4.2.8p4+dfsg-2) unstable; urgency=medium * Change rlimit memlock default to -1. (Closes: #802638) * Fix CVE-2015-5300 * Properly fix CVE-2015-7704 -- Kurt Roeckx Thu, 22 Oct 2015 19:06:16 +0200 ntp (1:4.2.8p4+dfsg-1) unstable; urgency=high * New upstream release. - Fixes CVE-2015-7850 CVE-2015-7704 CVE-2015-7701 CVE-2015-5196 CVE-2015-7848 CVE-2015-7849 CVE-2015-7854 CVE-2015-7852 CVE-2015-7853 CVE-2015-7851 CVE-2015-7705 CVE-2015-7855 CVE-2015-7871 - Drop format-security.patch, applied upstream. -- Kurt Roeckx Wed, 21 Oct 2015 20:00:31 +0200 ntp (1:4.2.8p3+dfsg-1) unstable; urgency=medium * New upstream version - Patches applied upstream: ntpd-linux-caps-inheritable.patch, ntp-4.2.6p5-cve-2014-9293.patch, ntp-4.2.6p5-cve-2014-9294.patch, ntp-4.2.6p5-cve-2014-9295.patch, ntp-4.2.6p5-cve-2014-9296.patch, CVE-2014-9297.patch, CVE-2014-9298.patch, CVE-2015-1798.patch, CVE-2015-1799.patch, bug-2797.patch, ntpd-ni-maxhost.patch, format-security.patch, sntp-manpage.patch, openssl-headers.patch * Remove autotools.patch since we run dh_autoreconf * Fix a new issue reported by -Werror=format-security * Adjust location in source file for ntpsweep * Upstream doesn't ship ntpsnmpd.1 anymore, so don't remove it * Update the default config to use the new pool method: - Use pool instead of server - Add restrict source line so servers can be added and removed - Add an rlimit memlock so that ntpd actually starts * Change the default restrict line to have a rate limit * Remove empty directory /usr/libexec * Prevent rpaths being set for all binaries * Install files to debian/tmp and use dh_install instead of dh_movefiles -- Kurt Roeckx Sat, 25 Jul 2015 16:37:34 +0200 ntp (1:4.2.6.p5+dfsg-8) UNRELEASED; urgency=low * Fix Lintian warning vcs-field-not-canonical * Update standards version * Remove obsolete "start" option to update-rc.d (closes: #755936) * Use flock instead of lockfile-progs for ntpdate.if-up (closes: #731976); change lock file location to /run/lock * Allow for multiple spaces or tabs for statsdir in /etc/ntp.conf (closes: #749761) -- Peter Eisentraut Wed, 01 Oct 2014 00:41:49 -0400 ntp (1:4.2.6.p5+dfsg-7) unstable; urgency=medium * Fix endless loop and non-random key generation using ntp-keygen on big endian machines. -- Kurt Roeckx Fri, 10 Apr 2015 21:01:32 +0200 ntp (1:4.2.6.p5+dfsg-6) unstable; urgency=high * Fix CVE-2015-1798 and CVE-2015-1799 (Closes: #782095) -- Kurt Roeckx Fri, 10 Apr 2015 20:08:24 +0200 ntp (1:4.2.6.p5+dfsg-5) unstable; urgency=high * Add missing fix for CVE-2014-9297 -- Kurt Roeckx Sat, 07 Feb 2015 12:20:44 +0100 ntp (1:4.2.6.p5+dfsg-4) unstable; urgency=medium * Fix CVE-2014-9297 * Fix CVE-2014-9298 -- Kurt Roeckx Thu, 05 Feb 2015 00:27:36 +0100 ntp (1:4.2.6.p5+dfsg-3.2) unstable; urgency=medium * Non-maintainer upload. * Apply fixes for security updates (Closes: 773576) - cve-2014-9293 - cve-2014-9294 - cve-2014-9295 - cve-2014-9296 -- Noah Meyerhans Sun, 21 Dec 2014 12:01:50 -0800 ntp (1:4.2.6.p5+dfsg-3.1) unstable; urgency=low * Non-maintainer upload. * Use dh-autoreconf to ensure configurey is updated for new architectures -- Wookey Tue, 15 Jul 2014 11:54:21 +0800 ntp (1:4.2.6.p5+dfsg-3ubuntu9) xenial; urgency=medium [ Cam Cope ] * Use a single lockfile again - instead unlock the file before starting the init script. The lock sho uld be shared - both services can't run at the same time. (LP: #1125726) -- Iain Lane Mon, 07 Dec 2015 13:38:16 +0000 ntp (1:4.2.6.p5+dfsg-3ubuntu8.1) wily-security; urgency=medium * SECURITY UPDATE: denial of service via crafted NUL-byte in configuration directive - debian/patches/CVE-2015-5146.patch: properly validate command in ntpd/ntp_control.c. - CVE-2015-5146 * SECURITY UPDATE: denial of service via malformed logconfig commands - debian/patches/CVE-2015-5194.patch: fix logconfig logic in ntpd/ntp_parser.y. - CVE-2015-5194 * SECURITY UPDATE: denial of service via disabled statistics type - debian/patches/CVE-2015-5195.patch: handle unrecognized types in ntpd/ntp_config.c. - CVE-2015-5195 * SECURITY UPDATE: file overwrite via remote pidfile and driftfile configuration directives - debian/patches/CVE-2015-5196.patch: disable remote configuration in ntpd/ntp_parser.y. - CVE-2015-5196 - CVE-2015-7703 * SECURITY UPDATE: denial of service via precision value conversion - debian/patches/CVE-2015-5219.patch: use ldexp for LOGTOD in include/ntp.h. - CVE-2015-5219 * SECURITY UPDATE: timeshifting by reboot issue - debian/patches/CVE-2015-5300.patch: disable panic in ntpd/ntp_loopfilter.c. - CVE-2015-5300 * SECURITY UPDATE: incomplete autokey data packet length checks - debian/patches/CVE-2015-7691.patch: add length and size checks to ntpd/ntp_crypto.c. - CVE-2015-7691 - CVE-2015-7692 - CVE-2015-7702 * SECURITY UPDATE: memory leak in CRYPTO_ASSOC - debian/patches/CVE-2015-7701.patch: add missing free in ntpd/ntp_crypto.c. - CVE-2015-7701 * SECURITY UPDATE: denial of service by spoofed KoD - debian/patches/CVE-2015-7704.patch: add check to ntpd/ntp_proto.c. - CVE-2015-7704 - CVE-2015-7705 * SECURITY UPDATE: denial of service via same logfile and keyfile - debian/patches/CVE-2015-7850.patch: rate limit errors in include/ntp_stdlib.h, include/ntp_syslog.h, libntp/authreadkeys.c, libntp/msyslog.c. - CVE-2015-7850 * SECURITY UPDATE: ntpq atoascii memory corruption - debian/patches/CVE-2015-7852.patch: avoid buffer overrun in ntpq/ntpq.c. - CVE-2015-7852 * SECURITY UPDATE: buffer overflow via custom refclock driver - debian/patches/CVE-2015-7853.patch: properly calculate length in ntpd/ntp_io.c. - CVE-2015-7853 * SECURITY UPDATE: denial of service via ASSERT in decodenetnum - debian/patches/CVE-2015-7855.patch: simply return fail in libntp/decodenetnum.c. - CVE-2015-7855 * SECURITY UPDATE: symmetric association authentication bypass via crypto-NAK - debian/patches/CVE-2015-7871.patch: drop unhandled packet in ntpd/ntp_proto.c. - CVE-2015-7871 * debian/control: add bison to Build-Depends. * debian/rules: remove ntp/ntp_parser.{c,h} or they don't get properly regenerated for some reason. -- Marc Deslauriers Thu, 22 Oct 2015 16:38:14 -0400 ntp (1:4.2.6.p5+dfsg-3ubuntu8) wily; urgency=medium * debian/ntp.init: Don't use /var/lib/ntp/ntp.conf.dhcp if /etc/ntp.conf is newer - it can get stale. Patch by Simon Déziel. (LP: #1472056) -- Iain Lane Fri, 02 Oct 2015 10:45:41 +0100 ntp (1:4.2.6.p5+dfsg-3ubuntu7) wily; urgency=medium * Fix use-after-free in routing socket code (LP: #1481388) - debian/patches/use-after-free-in-routing-socket.patch fix logic in ntpd/ntp_io.c * Fix to ignore ENOBUFS on routing netlink socket - debian/patches/ignore-ENOBUFS-on-routing-netlink-socket.patch fix logic in ntpd/ntp_io.c -- Eric Desrochers Wed, 02 Sep 2015 09:57:16 -0400 ntp (1:4.2.6.p5+dfsg-3ubuntu6) vivid; urgency=medium * SECURITY UPDATE: ntp-keygen infinite loop or lack of randonmess on big endian platforms - debian/patches/ntp-keygen-endless-loop.patch: fix logic in util/ntp-keygen.c. - CVE number pending -- Marc Deslauriers Mon, 13 Apr 2015 08:58:57 -0400 ntp (1:4.2.6.p5+dfsg-3ubuntu5) vivid; urgency=medium * SECURITY UPDATE: symmetric key unauthenticated packet MITM attack - debian/patches/CVE-2015-1798.patch: reject packets without MAC in ntpd/ntp_proto.c. - CVE-2015-1798 * SECURITY UPDATE: symmetric association DoS attack - debian/patches/CVE-2015-1799.patch: don't update state variables when authentication fails in ntpd/ntp_proto.c. - CVE-2015-1799 -- Marc Deslauriers Tue, 07 Apr 2015 12:48:31 -0400 ntp (1:4.2.6.p5+dfsg-3ubuntu4) vivid; urgency=medium * SECURITY UPDATE: denial of service and possible info leakage via extension fields - debian/patches/CVE-2014-9297.patch: properly check lengths in ntpd/ntp_crypto.c, ntpd/ntp_proto.c. - CVE-2014-9297 * SECURITY UPDATE: IPv6 ACL bypass - debian/patches/CVE-2014-9298.patch: check for spoofed ::1 in ntpd/ntp_io.c. - CVE-2014-9298 -- Marc Deslauriers Mon, 09 Feb 2015 13:03:44 -0500 ntp (1:4.2.6.p5+dfsg-3ubuntu3) vivid; urgency=medium * SECURITY UPDATE: weak default key in config_auth() - debian/patches/CVE-2014-9293.patch: use openssl for random key in ntpd/ntp_config.c, ntpd/ntpd.c. - CVE-2014-9293 * SECURITY UPDATE: non-cryptographic random number generator with weak seed used by ntp-keygen to generate symmetric keys - debian/patches/CVE-2014-9294.patch: use openssl for random key in include/ntp_random.h, libntp/ntp_random.c, util/ntp-keygen.c. - CVE-2014-9294 * SECURITY UPDATE: buffer overflows in crypto_recv(), ctl_putdata(), configure() - debian/patches/CVE-2014-9295.patch: check lengths in ntpd/ntp_control.c, ntpd/ntp_crypto.c. - CVE-2014-9295 * SECURITY UPDATE: missing return on error in receive() - debian/patches/CVE-2015-9296.patch: add missing return in ntpd/ntp_proto.c. - CVE-2014-9296 -- Marc Deslauriers Sat, 20 Dec 2014 05:47:10 -0500 ntp (1:4.2.6.p5+dfsg-3ubuntu2) saucy; urgency=low * debian/apparmor-profile: fix spurious noisy denials (LP: #1237508) -- Jamie Strandboge Wed, 09 Oct 2013 12:28:02 -0500 ntp (1:4.2.6.p5+dfsg-3ubuntu1) saucy; urgency=low * Merge from Debian testing to regain crypto support (LP: #1236065). Remaining changes: + debian/ntp.conf, debian/ntpdate.default: Change default server to ntp.ubuntu.com. + debian/ntpdate.if-up: Stop ntp before running ntpdate when an interface comes up, then start again afterwards. + debian/ntp.init, debian/rules: Only stop when entering single user mode. + Add enforcing AppArmor profile: - debian/control: Add Conflicts/Replaces on apparmor-profiles. - debian/control: Add Suggests on apparmor. - debian/ntp.dirs: Add apparmor directories. - debian/ntp.preinst: Force complain on certain upgrades. - debian/ntp.postinst: Reload apparmor profile. - debian/ntp.postrm: Remove the force-complain file. - add debian/apparmor-profile*. - debian/rules: install apparmor-profile and apparmor-profile.tunable. - debian/README.Debian: Add note on AppArmor. + debian/{control,rules}: Add and enable hardened build for PIE. + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport hook. + debian/ntpdate-debian: Disregard empty ntp.conf files. + debian/ntp.preinst: Remove empty /etc/ntp.conf on fresh intallation. + debian/ntpdate.if-up: Fix interaction with openntpd. + debian/source_ntp.py: Add filter on AppArmor profile names to prevent false positives from denials originating in other packages. + debian/rules: Update config.{guess,sub} for AArch64. -- Tyler Hicks Sun, 06 Oct 2013 12:34:00 -0700 ntp (1:4.2.6.p5+dfsg-3) unstable; urgency=low * Look for rather than , which is due to move to a different location in order to support multiarch. Patch by Colin Watson (Closes: #696390) -- Kurt Roeckx Mon, 20 May 2013 16:14:07 +0200 ntp (1:4.2.6.p5+dfsg-2ubuntu3) saucy; urgency=low * Update config.{guess,sub} for AArch64. -- Matthias Klose Mon, 05 Aug 2013 18:51:48 +0200 ntp (1:4.2.6.p5+dfsg-2ubuntu2) saucy; urgency=low * debian/apparmor-profile: Add /var/log/ntpstats/protostats* (LP: #1195898) -- Jamie Strandboge Fri, 05 Jul 2013 10:06:47 -0500 ntp (1:4.2.6.p5+dfsg-2ubuntu1) raring; urgency=low * New upstream version, fixing build failure in raring. * Merge with Debian; remaining changes: + debian/ntp.conf, debian/ntpdate.default: Change default server to ntp.ubuntu.com. + debian/ntpdate.ifup: Stop ntp before running ntpdate when an interface comes up, then start again afterwards. + debian/ntp.init, debian/rules: Only stop when entering single user mode. + Add enforcing AppArmor profile: - debian/control: Add Conflicts/Replaces on apparmor-profiles. - debian/control: Add Suggests on apparmor. - debian/ntp.dirs: Add apparmor directories. - debian/ntp.preinst: Force complain on certain upgrades. - debian/ntp.postinst: Reload apparmor profile. - debian/ntp.postrm: Remove the force-complain file. - add debian/apparmor-profile*. - debian/rules: install apparmor-profile and apparmor-profile.tunable. - debian/README.Debian: Add note on AppArmor. + debian/{control,rules}: Add and enable hardened build for PIE. + debian/apparmor-profile: Adjust location of drift files. + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport hook. + debian/ntpdate-debian: Disregard empty ntp.conf files. + debian/ntp.preinst: Remove empty /etc/ntp.conf on fresh intallation. + debian/ntpdate.ifup: Fix interaction with openntpd. + debian/source_ntp.py: Add filter on AppArmor profile names to prevent false positives from denials originating in other packages. + debian/apparmor-profile: Add samba4 ntp signing socket to ntpd apparmor profile. + debian/apparmor-profile: adjust for IPv6. -- Matthias Klose Wed, 03 Apr 2013 07:21:01 +0200 ntp (1:4.2.6.p5+dfsg-2) unstable; urgency=medium * Re-enable crypto support by pointing openssl libdir to multiarch dir. Also increase libssl-dev build dependency to the first multiarch version. (closes: #670662) -- Peter Eisentraut Sat, 12 May 2012 12:04:06 +0300 ntp (1:4.2.6.p5+dfsg-1) unstable; urgency=low * New upstream release (closes: #644673) * Updated instructions on generating autotools.patch * Updated standards version -- Peter Eisentraut Mon, 27 Feb 2012 13:55:56 +0200 ntp (1:4.2.6.p3+dfsg-3) unstable; urgency=medium * Update format-security.patch to include kfreebsd-specific fixes (closes: #653771) -- Peter Eisentraut Thu, 05 Jan 2012 19:37:28 +0200 ntp (1:4.2.6.p3+dfsg-2) unstable; urgency=low * Use architecture wildcard for libcap2-dev build dependency, removing type-handing dependency (closes: #528440, #587871) * Updated standards version * Get build flags from dpkg-buildflags, and fix the resulting -Wformat-security errors using patch from Colin Watson (closes: #542721, #627403) * Add -Wl,--as-needed to LDFLAGS, which drops the dependency of ntpdate on libcap2 * Add sntp-manpage.patch to fix some errors in sntp man page pointed out by lintian * Re-remove tickadj. The previous method of achieving this by tweaking configure cache variables apparently broke at some point, so this time do it more directly. * Explicitly disable building ntpsnmpd and remove man page (closes: #608542; see also #622819) * ntpdate-debian: Improve parsing of ntp.conf (closes: #606349) * Add descriptions of -4/-6 options to ntpd man page (closes: #613349) * Update options list on ntptrace man page to match reality (closes: #593417) * Add build-arch and build-indep debian/rules targets, per lintian * Create ntp user and group separately, to handle the case where the user already exists but not the group (closes: #624275) * Don't ignore errors from adduser. If the system user or group already exist, this is ignored anyway. Anything else we want to know about. * Generalize ntp.cron.daily to cover all possible filegen stats files (closes: #644120) -- Peter Eisentraut Sat, 17 Dec 2011 19:00:10 +0200 ntp (1:4.2.6.p3+dfsg-1dbuntu5) quantal; urgency=low * debian/source_ntp.py: add filter on AppArmor profile names to prevent false positives from denials originating in other packages. -- Marc Deslauriers Mon, 20 Aug 2012 10:13:30 -0400 ntp (1:4.2.6.p3+dfsg-1ubuntu4) quantal; urgency=low * Re-enable crypto support by pointing openssl libdir to multiarch dir, change backported from Debian, thanks Yves-Alexis Perez (lp: #998403) -- Sebastien Bacher Mon, 04 Jun 2012 16:35:25 +0200 ntp (1:4.2.6.p3+dfsg-1ubuntu3) precise; urgency=low * debian/apparmor-profile: Add samba4 ntp signing socket to ntpd apparmor profile (LP: #930266) * debian/control: Build-Depends on dh-apparmor -- Jamie Strandboge Tue, 06 Mar 2012 08:06:06 -0600 ntp (1:4.2.6.p3+dfsg-1ubuntu2) precise; urgency=low * debian/apparmor-profile: adjust for IPv6 (LP: #892332) -- Jamie Strandboge Tue, 03 Jan 2012 17:03:44 -0600 ntp (1:4.2.6.p3+dfsg-1ubuntu1) precise; urgency=low * Merge from debian unstable, remaining changes are: + debian/ntp.conf, debian/ntpdate.default: Change default server to ntp.ubuntu.com. + debian/ntpdate.ifup: Stop ntp before running ntpdate when an interface comes up, then start again afterwards. + debian/ntp.init, debian/rules: Only stop when entering single user mode. + Add enforcing AppArmor profile (LP: #382905): - debian/control: add Conflicts/Replaces on apparmor-profiles < 2.3.1+1403-0ubuntu10 (since we are now shipping usr.sbin.ntpd) and apparmor < 2.3.1+1403-0ubuntu10 (since we are now shipping tunables/ntpd) - debian/control: add Suggests on apparmor - debian/ntp.dirs: add apparmor directories - debian/ntp.preinst: force complain on certain upgrades - debian/ntp.postinst: reload apparmor profile - debian/ntp.postrm: remove the force-complain file - add debian/apparmor-profile* - debian/rules: install apparmor-profile and apparmor-profile.tunable - debian/README.Debian: add note on AppArmor + debian/{control,rules}: add and enable hardened build for PIE (Debian bug 542721). + debian/apparmor-profile: adjust location of drift files (LP: #456308) + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport hook. + debian/ntpdate-debian: Disregard empty ntp.conf files. (LP: #83604) + debian/ntp.preinst: Remove empty /etc/ntp.conf on fresh intallation, to work around the system-tools-backends part of LP #83604. + debian/ntpdate.ifup: Fix interaction with openntpd. (LP: #877210) + Dropped: - ntpdate-accept-same-timestamp-replies.patch: Accepted upstream -- Chuck Short Wed, 26 Oct 2011 10:24:21 -0400 ntp (1:4.2.6.p3+dfsg-1) unstable; urgency=low * New upstream version - Require newer autogen version * Include sntp in source, it got rewritting and licensed changed. * Re-add neoclock4x driver, license got changed. * Drop nanokernel-status.patch. 2.6.26 was part of lenny, so everybody really should have nanokernel support now. The patch also didn't actually enable the nano kernel. * Drop mod_nano.patch, libc now provides the proper defines. * We now build against a libc that has NTP_API 4 support, which means that we get TAI offset support. -- Kurt Roeckx Fri, 03 Jun 2011 16:39:02 +0200 ntp (1:4.2.6.p2+dfsg-1ubuntu13) precise; urgency=low * debian/ntpdate.if-up: Fix interaction with openntpd, LP: #872210 -- Reinhard Tartler Tue, 11 Oct 2011 12:33:01 +0200 ntp (1:4.2.6.p2+dfsg-1ubuntu12) oneiric; urgency=low * debian/apparmor-profile: also allow access to /var/log/ntpstats/rawstats* -- Jamie Strandboge Fri, 02 Sep 2011 12:35:08 -0500 ntp (1:4.2.6.p2+dfsg-1ubuntu11) oneiric; urgency=low * debian/apparmor-profile: allow sys_nice for -N option to work. More work is needed to make ntpd start niced, so not auto-closing the bug. - LP: 229632 -- Jamie Strandboge Fri, 19 Aug 2011 07:39:20 -0500 ntp (1:4.2.6.p2+dfsg-1ubuntu10) oneiric; urgency=low * debian/source_ntp.py: use new apport MAC function instead of parsing and attaching AppArmor events here. -- Marc Deslauriers Fri, 15 Jul 2011 08:33:08 -0400 ntp (1:4.2.6.p2+dfsg-1ubuntu9) oneiric; urgency=low * debian/apparmor-profile: Allow /var/run and /run. (LP: #810270) -- Martin Pitt Thu, 14 Jul 2011 15:12:09 +0200 ntp (1:4.2.6.p2+dfsg-1ubuntu8) oneiric; urgency=low * debian/patches/ntpdate-accept-same-timestamp-replies.patch: Resolving regression where ntpdate ignores replies from some ntp servers where recieve and transmit timestamps are equal. Patch cherry picked from upstream commit. (LP: #787551) -- Dave Walker (Daviey) Mon, 13 Jun 2011 15:22:29 +0100 ntp (1:4.2.6.p2+dfsg-1ubuntu7) oneiric; urgency=low * Fix a number of -Wformat-security warnings. -- Colin Watson Fri, 20 May 2011 12:20:07 +0100 ntp (1:4.2.6.p2+dfsg-1ubuntu6) oneiric; urgency=low * Rebuild for OpenSSL 1.0.0. -- Colin Watson Tue, 17 May 2011 17:24:01 +0100 ntp (1:4.2.6.p2+dfsg-1ubuntu5) natty; urgency=low * debian/apparmor-profile: add note about using shared memory for a clock source (LP: #722815). -- Kees Cook Thu, 10 Mar 2011 12:54:59 -0800 ntp (1:4.2.6.p2+dfsg-1ubuntu4) natty; urgency=low * debian/ntp.conf: adjust to use X.ubuntu.pool.ntp.org in addition to ntp.ubuntu.com (LP: #104525) -- Jamie Strandboge Tue, 08 Feb 2011 10:03:19 -0600 ntp (1:4.2.6.p2+dfsg-1ubuntu3) natty; urgency=low * debian/apparmor-profile: allow access to clockstats too (LP: #701896) -- Jamie Strandboge Wed, 12 Jan 2011 10:05:41 -0600 ntp (1:4.2.6.p2+dfsg-1ubuntu2) natty; urgency=low * debian/ntpdate-debian: Disregard empty ntp.conf files (thanks, Mika Wahlroos; LP: #83604). * debian/ntp.preinst: Remove empty /etc/ntp.conf on fresh installation, to work around the system-tools-backends part of LP #83604. -- Colin Watson Mon, 06 Dec 2010 11:13:04 +0000 ntp (1:4.2.6.p2+dfsg-1ubuntu1) natty; urgency=low * Merge from debian unstable, remaining changes are: + debian/ntp.conf, debian/ntpdate.default: Change default server to ntp.ubuntu.com. + debian/ntpdate.ifup: Stop ntp before running ntpdate when an interface comes up, then start again afterwards. + debian/ntp.init, debian/rules: Only stop when entering single user mode. + Add enforcing AppArmor profile (LP: #382905): - debian/control: add Conflicts/Replaces on apparmor-profiles < 2.3.1+1403-0ubuntu10 (since we are now shipping usr.sbin.ntpd) and apparmor < 2.3.1+1403-0ubuntu10 (since we are now shipping tunables/ntpd) - debian/control: add Suggests on apparmor - debian/ntp.dirs: add apparmor directories - debian/ntp.preinst: force complain on certain upgrades - debian/ntp.postinst: reload apparmor profile - debian/ntp.postrm: remove the force-complain file - add debian/apparmor-profile* - debian/rules: install apparmor-profile and apparmor-profile.tunable - debian/README.Debian: add note on AppArmor + debian/{control,rules}: add and enable hardened build for PIE (Debian bug 542721). + debian/apparmor-profile: adjust location of drift files (LP: #456308) + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport hook. -- Chuck Short Tue, 30 Nov 2010 11:14:31 -0500 ntp (1:4.2.6.p2+dfsg-1) unstable; urgency=low [ Peter Eisentraut ] * Update command options section in ntp.conf(5) man page, drop "dynamic" option (closes: #553976, #439734) * Document ntpd -I option and ntp.conf interface command (closes: #506389) * Fix type in ntpdate man page (closes: #566621) * Added explanation of options to ntptrace man page (closes: #558289) * Removed no longer needed build conflict against libreadline-dev [ Kurt Roeckx ] * New upstream version. - Fixes problem with ipv6 multicast (Closes: #584927) * Move dhcp exit hooks from /etc/dhcp3/dhclient-enter-hooks.d to /etc/dhcp/dhclient-enter-hooks.d. Add dpkg-maintscript-helper to maintainer scripts to move them, and add a Breaks on dhcp3-client (<< 4.1.0-1) (Closes: #585054, #585055) * Remove ntp's Replaces on logcheck-database, we don't ship log logcheck entries anymore for ntp. -- Kurt Roeckx Tue, 13 Jul 2010 20:33:47 +0200 ntp (1:4.2.6.p1+dfsg-1) unstable; urgency=low * New upstream version - They no longer ship arlib, adjust dfsg.patch. - Drop kfreebsd.patch, applied upstream - Update patches for upstream changes. * Remove the obsolete config files: for ntp: - /etc/logcheck/ignore.d.server/ntp, removed in 1:4.2.6+dfsg-1 - /etc/dhcp3/dhclient-enter-hooks.d/ntp, replaced by exit hooks in 1:4.2.4p4+dfsg-3 - /etc/network/if-up.d/ntp, removed in 1:4.2.4p0+dfsg-1 for ntpdate: - /etc/dhcp3/dhclient-enter-hooks.d/ntpdate, replaced by exit hooks in 1:4.2.4p4+dfsg-3 Use dpkg 1.15.7.2's dpkg-maintscript-helper. This needs a Pre-Depends to work, else it's never going to be removed. (Closes: #569530) * Add "Depends: ${misc:Depends}" to ntp-doc. -- Kurt Roeckx Mon, 24 May 2010 11:09:51 +0200 ntp (1:4.2.6+dfsg-1) unstable; urgency=low * New upstream version - They no longer use the built in md5 with unclear license: adjust dfsg.sh and dfsg.patch. - Location of the html pages has changed location: adjust dfsg.sh - Remove ntptimeval.patch and ntptrace-getopt.patch, applied upstream. - Change libedit.patch and call configure with --with-lineeditlibs=edit instead. - Update nanokernel-status.patch to also do it for the new direct_freq() function. - includes.diff: Stop including ntp_refclock.h, since it breaks things. - Upstream no longer provides an ntpdsim.1 manpage, so don't try to to remove it. * Use the system libopts instead of the internal copy: add build-dependency on autogen, call configure with --disable-local-libopts. There is also no need anymore to remove the usr/lib dir. * Remove ntp_gettime.patch, it wasn't used, and we have libc calls that wrap adjtimex now anyway. * Remove the doc.patch, it's either just wrong or more confusing than the original text. * Merge the ntpd-char-fix.patch into ntpd-ni-maxhost.patch * Fix kfreebsd.patch's comment to be about the right patch. * Add comment to dfsg.patch * Update autotools.patch's comment on how to recreate it. * Split ntpd-linux-caps.patch in ntpd-linux-caps-runtime.patch and ntpd-linux-caps-inheritable.patch and add comments * Don't run init script to stop ntpd, just let sendsigs/killprocs deal with it. (Closes: #540694) * Compile with --enable-ntp-signd to enable mssntp for use with samba (Closes: #562065) * Remove ntp.logcheck.ignore.server, none of those messages are send to syslog now. (Closes: #498992) -- Kurt Roeckx Sat, 26 Dec 2009 14:12:22 +0100 ntp (1:4.2.4p8+dfsg-1ubuntu6) maverick; urgency=low * debian/rules: move dh_apparmor before dh_installinit -- Jamie Strandboge Fri, 06 Aug 2010 17:40:04 -0500 ntp (1:4.2.4p8+dfsg-1ubuntu5) maverick; urgency=low * convert to dh_apparmor: - debian/rules, debian/ntp.postrm, debian/ntp.postinst: use dh_apparmor - control: Build-Depends on debhelper >= 7.4.20ubuntu5 * debian/apparmor-profile: include local override * remove now unneeded debian/ntp.preinst -- Jamie Strandboge Fri, 06 Aug 2010 13:55:12 -0500 ntp (1:4.2.4p8+dfsg-1ubuntu4) maverick; urgency=low * debian/dhcp.ntp: Dont remove *all* ntp server from ntp.conf. (LP: #575458) * debian/apparmor-profile: Allow access to /dev/ttyS* (LP: #596859) -- Chuck Short Tue, 22 Jun 2010 09:24:02 -0400 ntp (1:4.2.4p8+dfsg-1ubuntu3) maverick; urgency=low * debian/apparmor-profile: allow access to /var/log/ntpstats/sysstats* (LP: #574343) -- Jamie Strandboge Fri, 18 Jun 2010 07:54:24 -0500 ntp (1:4.2.4p8+dfsg-1ubuntu2) lucid; urgency=low * debian/apparmor-profile: allow reading of /var/lib/ntp/ntp.conf.dhcp (LP: #517701) -- Jamie Strandboge Thu, 08 Apr 2010 16:24:42 -0500 ntp (1:4.2.4p8+dfsg-1ubuntu1) lucid; urgency=low * Merge from debian testing, remaining changes: + debian/ntp.conf, debian/ntpdate.default: Change default server to ntp.ubuntu.com. + debian/ntpdate.ifup: Stop ntp before running ntpdate when an interface comes up, then start again afterwards. + debian/ntp.init, debian/rules: Only stop when entering single user mode. + Add enforcing AppArmor profile (LP: #382905): - debian/control: add Conflicts/Replaces on apparmor-profiles < 2.3.1+1403-0ubuntu10 (since we are now shipping usr.sbin.ntpd) and apparmor < 2.3.1+1403-0ubuntu10 (since we are now shipping tunables/ntpd) - debian/control: add Suggests on apparmor - debian/ntp.dirs: add apparmor directories - debian/ntp.preinst: force complain on certain upgrades - debian/ntp.postinst: reload apparmor profile - debian/ntp.postrm: remove the force-complain file - add debian/apparmor-profile* - debian/rules: install apparmor-profile and apparmor-profile.tunable - debian/README.Debian: add note on AppArmor + debian/{control,rules}: add and enable hardened build for PIE (Debian bug 542721). + debian/apparmor-profile: adjust location of drift files (LP: #456308) + Dropped changes, merged in debian: - fix-nano.patch: Use mod_nano.patch from debian. + Dropped changes, superseded upstream/in Debian: - debian/patches/CVE-2009-1252.patch: No longer needed. - debian/patches/debian/patches/CVE-2009-0159.patch: No longer needed. [Chuck Short] + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport hook, apart of the server-lucid-apport-hooks specification. -- Chuck Short Tue, 02 Feb 2010 18:36:29 -0500 ntp (1:4.2.4p8+dfsg-1) unstable; urgency=high * New upstream release. - Fixes DoS with mode 7 packets (CVE-2009-3563) (Closes: #560074) -- Kurt Roeckx Tue, 08 Dec 2009 21:41:51 +0100 ntp (1:4.2.4p7+dfsg-4) unstable; urgency=low * Use uname -s instead of dpkg-architecture to found the kernel we're running on. dpkg-architecture is part of dpkg-dev. (Closes: #558145) * Make the package fail to build on hurd since it does not provided the needed system calls for ntpd to work. -- Kurt Roeckx Thu, 26 Nov 2009 22:16:37 +0100 ntp (1:4.2.4p7+dfsg-3) unstable; urgency=low * Don't pass --enable-linuxcaps to configure anymore. It now detects it itself when it's available, and it breaks on non-Linux systems. * Configure didn't know what to set certain options to on kfreebsd. Patch by Aurelien Jarno. (Closes: #522696) * Running as user ntp does not work on kfreebsd because it doesn't support capabilities. Adjust the init script to start as root. -- Kurt Roeckx Wed, 25 Nov 2009 20:03:58 +0100 ntp (1:4.2.4p7+dfsg-2) unstable; urgency=low * Refresh libedit patch because it's fuzzy and fails to apply on the buildds. -- Kurt Roeckx Sat, 21 Nov 2009 18:01:36 +0000 ntp (1:4.2.4p7+dfsg-1) unstable; urgency=low [ Peter Eisentraut ] * Fixed FTBFS because of missing MOD_NANO definition (closes: #552882) * Changed source format to 3.0 (quilt) [ Kurt Roeckx ] * New upstream version. - Remove patches for CVE-2009-1252.patch and CVE-2009-0159.patch, applied upstream - Regenerate patches to apply to the current version. * Detect that we run a kernel with nano support or not. Otherwise it breaks when running on kernels older than 2.6.26. -- Kurt Roeckx Sat, 21 Nov 2009 17:27:11 +0100 ntp (1:4.2.4p6+dfsg-2ubuntu4) lucid; urgency=low * debian/rules: install symlink for early loading of per-interface triggered ntp AppArmor profile. -- Kees Cook Tue, 15 Dec 2009 11:35:33 -0800 ntp (1:4.2.4p6+dfsg-2ubuntu3) lucid; urgency=low * SECURITY UPDATE: fix DoS with mode 7 (MODE_PRIVATE) packets - debian/patches/CVE-2009-3563.patch: update ntpd/ntp_request.c to not send a response packet for and rate limit logging of invalid mode 7 requests and responses - CVE-2009-3563 -- Jamie Strandboge Tue, 08 Dec 2009 13:52:12 -0600 ntp (1:4.2.4p6+dfsg-2ubuntu2) lucid; urgency=low * debian/rules: enable debugging (LP: #47683) * debian/ntpdate-if.up: Hide invoke-rc.d output. (LP: #489585) * debian/man/ntptrace.1: Update man page removed ghost options. (LP: #351989) -- Chuck Short Mon, 07 Dec 2009 14:59:28 -0500 ntp (1:4.2.4p6+dfsg-2ubuntu1) lucid; urgency=low * Merge from debian testing, remaining changes: + debian/ntp.conf, debian/ntpdate.default: Change default server to ntp.ubuntu.com. + debian/ntpdate.ifup: Stop ntp before running ntpdate when an interface comes up, then start again afterwards + debian/ntp.init, debian/rules: Only stop when entering single user mode. + Add enforcing AppArmor profile (LP: #382905) - debian/control: add Conflicts/Replaces on apparmor-profiles < 2.3.1+1403-0ubuntu10 (since we are now shipping usr.sbin.ntpd) and apparmor < 2.3.1+1403-0ubuntu10 (since we are now shipping tunables/ntpd) - debian/control: add Suggests on apparmor - debian/ntp.dirs: add apparmor directories - debian/ntp.preinst: force complain on certain upgrades - debian/ntp.postinst: reload apparmor profile - debian/ntp.postrm: remove the force-complain file - add debian/apparmor-profile* - debian/rules: install apparmor-profile and apparmor-profile.tunable - debian/README.Debian: add note on AppArmor + debian/patches/fix-nano.patch: enable nanokernel support (LP: #412242) + debian/{control,rules}: add and enable hardened build for PIE (Debian bug 542721). + debian/apparmor-profile: adjust location of drift files (LP: #456308) + Dropped changes, merged in Debian: - debian/man/ntpdate.8 - fix debian shipped manpage; patch by Josh Holland + Dropped changes, superseded upstream/in Debian: - debian/patches/CVE-2009-0159.patch: Use Debian's version of the patch. - debian/patches/CVE-2009-1252.patch: Use Debian's version of the patch. -- Chuck Short Fri, 06 Nov 2009 01:34:35 +0000 ntp (1:4.2.4p6+dfsg-2) unstable; urgency=medium * Fixed typo in ntpdate man page (closes: #526086) * Updated standards version * Moved .dhcp version of configuration files to /var/lib/ntp and /var/lib/ntpdate (closes: #524035) * Cleaned up man pages to satisfy lintian's hyphen-used-as-minus-sign complaint * Fixed limited buffer overflow in ntpq (CVE-2009-0159) (closes: #525373) * Fixed stack buffer overflow in ntpd (CVE-2009-1252) (closes: #525373) * Use new status_of_proc function to report status in ntp init script * Updated the config.guess/sub handling as recommended by autotools-dev to not clutter the diff, added autotools-dev to build dependencies -- Peter Eisentraut Fri, 12 Jun 2009 17:24:22 +0300 ntp (1:4.2.4p6+dfsg-1ubuntu5) karmic; urgency=low * debian/apparmor-profile: adjust location of drift files (LP: #456308) -- Jamie Strandboge Wed, 21 Oct 2009 07:07:31 -0500 ntp (1:4.2.4p6+dfsg-1ubuntu4) karmic; urgency=low * debian/{control,rules}: add and enable hardened build for PIE (Debian bug 542721). -- Kees Cook Thu, 20 Aug 2009 17:12:44 -0700 ntp (1:4.2.4p6+dfsg-1ubuntu3) karmic; urgency=low * Add enforcing AppArmor profile (LP: #382905) - debian/control: add Conflicts/Replaces on apparmor-profiles < 2.3.1+1403-0ubuntu10 (since we are now shipping usr.sbin.ntpd) and apparmor < 2.3.1+1403-0ubuntu10 (since we are now shipping tunables/ntpd) - debian/control: add Suggests on apparmor - debian/ntp.dirs: add apparmor directories - debian/ntp.preinst: force complain on certain upgrades - debian/ntp.postinst: reload apparmor profile - debian/ntp.postrm: remove the force-complain file - add debian/apparmor-profile* - debian/rules: install apparmor-profile and apparmor-profile.tunable - debian/README.Debian: add note on AppArmor * debian/patches/fix-nano.patch: enable nanokernel support (LP: #412242) -- Jamie Strandboge Tue, 11 Aug 2009 18:25:50 -0500 ntp (1:4.2.4p6+dfsg-1ubuntu2) karmic; urgency=low * SECURITY UPDATE: stack overflow in ntpd when autokey is enabled - debian/patches/CVE-2009-1252.patch: update ntpd/ntp_crypto.c to use snprintf() with NTP_MAXSTRLEN when writing to statstr. Also defensively adjust ntp_peer.c and ntp_timer.c to do the same. - CVE-2009-1252 * SECURITY UPDATE: stack overflow in ntpq when contacting malicious ntp server - debian/patches/CVE-2009-0159.patch: increase size of buffer in cookedprint() in ntpq/ntpq.c and adjust to use snprintf() - CVE-2009-0159 -- Jamie Strandboge Tue, 19 May 2009 15:26:41 -0500 ntp (1:4.2.4p6+dfsg-1ubuntu1) karmic; urgency=low * Merge from Debian unstable, remaining changes: - debian/ntp.conf, debian/ntpdate.default: Change default server to ntp.ubuntu.com. - debian/ntpdate.ifup: Stop ntp before running ntpdate when an interface comes up, then start again afterwards - debian/ntp.init, debian/rules: Only stop when entering single user mode. - debian/man/ntpdate.8 - fix debian shipped manpage; patch by Josh Holland * Dropped changes, merged in Debian: - Build against libcap2 instead of libcap1, fixing a kernel warning about using an old interface. * Dropped changes, superseded upstream/in Debian: - debian/patches/CVE-2009-0021.patch: update ntpd/ntp_crypto.c to properly check the return code of EVP_VerifyFinal() - debian/patches/ipv6-gnu-source.patch: Define _GNU_SOURCE to make IPv6 work. * Fixes LP: #217699 -- Steve Langasek Wed, 29 Apr 2009 06:08:19 +0000 ntp (1:4.2.4p6+dfsg-1) unstable; urgency=low * New upstream release - Updated ntpdate-ipv6.patch, autotools.patch - Obsoletes no-ipv6-fix.patch, CVE-2009-0021.patch * Switched build dependency from libcap-dev to libcap2-dev (closes: #474639) * Added -D_GNU_SOURCE to CPPFLAGS, to support glibc 2.8 (closes: #507806) * Recognize "adjust" in ntpdate logcheck rules (closes: #493907) * Removed "dynamic" key word from default ntp.conf, because this is now obsolete and the default -- Peter Eisentraut Wed, 18 Feb 2009 20:24:14 +0200 ntp (1:4.2.4p4+dfsg-8) unstable; urgency=low * It did not properly check the return value of EVP_VerifyFinal which results in an malformed DSA signature being treated as a good signature rather than as an error. (CVE-2009-0021) -- Kurt Roeckx Mon, 05 Jan 2009 21:10:03 +0100 ntp (1:4.2.4p4+dfsg-7ubuntu5) jaunty; urgency=low * Build against libcap2 instead of libcap1, fixing a kernel warning about using an old interface. LP: #328376. -- Steve Langasek Fri, 20 Mar 2009 19:53:25 +0000 ntp (1:4.2.4p4+dfsg-7ubuntu4) jaunty; urgency=low * LP: #314810 - ntpdate typo in manpage - debian/man/ntpdate.8 - fix debian shipped manpage; patch by Josh Holland -- Alexander Sack Mon, 23 Feb 2009 11:57:32 +0100 ntp (1:4.2.4p4+dfsg-7ubuntu3) jaunty; urgency=low * SECURITY UPDATE: clients treat malformed signatures as good when verifying server DSA and ECDSA certificates. - debian/patches/CVE-2009-0021.patch: update ntpd/ntp_crypto.c to properly check the return code of EVP_VerifyFinal() - CVE-2009-0021 -- Jamie Strandboge Tue, 06 Jan 2009 01:19:55 -0600 ntp (1:4.2.4p4+dfsg-7ubuntu2) jaunty; urgency=low * Add ipv6-gnu-source.patch: Define _GNU_SOURCE to make IPv6 work. (LP: #305043) -- Matt LaPlante Thu, 04 Dec 2008 00:39:51 -0600 ntp (1:4.2.4p4+dfsg-7ubuntu1) jaunty; urgency=low * Merge from debian unstable, remaining changes: - debian/ntp.conf, debian/ntpdate.default: Change default server to ntp.ubuntu.com. - debian/ntpdate.ifup: Stop ntp before running ntpdate when an interface comes up, then start again afterwards (LP: #114505) - debian/ntp.init, debian/rules: Only stop when entering single user mode. -- Scott James Remnant Tue, 11 Nov 2008 17:18:15 +0000 ntp (1:4.2.4p4+dfsg-7) unstable; urgency=low * Added support for numeric IPv6 address in ntpdate-debian (closes: #489712) * Updated standards version * Added PATH to ntpdate.if-up (closes: #490061) -- Peter Eisentraut Wed, 16 Jul 2008 14:09:41 +0200 ntp (1:4.2.4p4+dfsg-6ubuntu2) intrepid; urgency=low * debian/ntpdate.ifup: use a different lockfile to avoid dead-locks when restarting ntpd (LP: #246203). -- Kees Cook Wed, 20 Aug 2008 09:48:33 -0700 ntp (1:4.2.4p4+dfsg-6ubuntu1) intrepid; urgency=low * Merge from debian unstable, remaining changes: - debian/ntp.conf, debian/ntpdate.default: - Change default server to ntp.ubuntu.com. - debian/control: - Set Ubuntu maintainer address. - debian/ntpdate.ifup: Stop ntp before running ntpdate when an interface comes up, then start again afterwards (LP: #114505) * debian/rules: - Call update-rcd-params with manual arguments instead of defaults. * debian/ntp.init: - Update LSB Default-Stop header. * Dropped: - Update TearDown spec implementation: - Update version in conflicts/replaces to that which was shipped in edgy, which was later than that in Debian (due to the ubuntuX). - Add sysv-rc dependency. - debian/rules: - Call update-rcd-params with multiuser instead defaults. - debian/ntp-server.postinst (dapper upgrade): - Remove stop script symlinks from rc0 and rc6. -- Mathias Gug Wed, 18 Jun 2008 22:28:16 -0400 ntp (1:4.2.4p4+dfsg-6) unstable; urgency=low * Put back accidentally removed /etc/defaults/ntpdate (closes: #482605) * Updated Homepage (closes: #482628) * Use libedit instead of libreadline, added libedit.patch (closes: #448408) * While updating autotools.patch, added description how it is generated (closes: #446756) * Since the scripts summary and plot_summary are not installed in a binary package, drop their mention from the copyright file, thus deconfusing lintian * Avoid timeout message from ntpdate.if-up when ntpdate package was removed but not purged (closes: #481049) -- Peter Eisentraut Mon, 16 Jun 2008 12:55:54 +0200 ntp (1:4.2.4p4+dfsg-5) unstable; urgency=low * Removed mentions of -d and -D options from ntpd man page, because the Debian package does not support these options (closes: #479015) * Ignore errors from ntpdate-debian call in ntpdate.if-up (closes: #478655) -- Peter Eisentraut Fri, 09 May 2008 10:28:24 +0200 ntp (1:4.2.4p4+dfsg-4) unstable; urgency=low * Small ntp.conf man page fix (patch by Justin Pryzby) (closes: #450721) * Removed incorrect mention of -m option on ntpd man page (closes: #468348) * Corrected doc-base section for ntp-doc * Added build conflicts against libavahi-compat-libdnssd-dev, so that that feature isn't accidentally enabled (closes: #462597) * Added build conflicts against libwww-dev, libwww-ssl-dev, so we don't accidentally link with their libmd5 (closes: #462597) * Use lockfile-progs to ensure that only one ntpdate.ifup is running at a time (closes: #471358) * Also use lockfile-progs to ensure that ntpd does not start while ntpdate.ifup is running (closes: #436029) * Updated ntp.conf man page from HTML (closes: #466046) * Changed control fields XS-Vcs-* to Vcs-*, and added trunk path * Removed code used for sarge to etch transition * Changed to Debhelper level 6 * Use dh_installifupdown * Removed tickadj program from installation. It is quite unportable, the documentation is inaccurate, and adjtimex could be used instead. -- Peter Eisentraut Tue, 29 Apr 2008 11:19:54 +0200 ntp (1:4.2.4p4+dfsg-3ubuntu2) hardy; urgency=low * Stop ntp before running ntpdate when an interface comes up, then start again afterwards (LP: #114505) -- Onno Benschop Thu, 6 Mar 2008 14:00:42 +0900 ntp (1:4.2.4p4+dfsg-3ubuntu1) hardy; urgency=low * Merge from debian unstable, remaining changes: - debian/ntp.conf, debian/ntpdate.default: - Change default server to ntp.ubuntu.com. - debian/rules: - Call update-rcd-params with multiuser instead defaults. - debian/control: - Set Ubuntu maintainer address. - Update version in conflicts/replaces to that which was shipped in edgy, which was later than that in Debian (due to the ubuntuX). - Add sysv-rc dependency. - debian/ntp-server.postinst: - Remove stop script symlinks from rc0 and rc6. -- Scott Kitterman Mon, 25 Feb 2008 19:36:36 -0500 ntp (1:4.2.4p4+dfsg-3) unstable; urgency=low * Various man page and NEWS fixes (patches by Justin Pryzby and Vincent Lefevre) (closes: #439726, #450721) * Run DHCP hooks as exit hooks instead of enter hooks (closes: #408219) * Use try-restart to restart ntpd after DHCP event * Wait for /usr to appear when running ntpdate on network events (closes: #448462) * Updated standards version * Updated ntpd man page from HTML (closes: #444633) * Moved configuration file description from ntpd(8) to ntp.conf(5) * Made NTPDATE_USE_NTP_CONF work with openntpd (initial patch by Benoît Dejean) (closes: #420692) * Added documentary comments to ntp.conf, reformatted the file a bit (closes: #416818) * Fixed whitespace in doc-base, pointed out by lintian * Removed ntpdate-debug.patch; debug behavior is now again consistent with upstream (closes: #451525) * Dropped some useless documentation files -- Peter Eisentraut Sun, 13 Jan 2008 12:18:13 +0100 ntp (1:4.2.4p4+dfsg-2ubuntu1) hardy; urgency=low * Merge from debian unstable, remaining changes: - debian/ntp.conf, debian/ntpdate.default: - Change default server to ntp.ubuntu.com. - debian/rules: - Call update-rcd-params with multiuser instead defaults. - debian/control: - Set Ubuntu maintainer address. - Update version in conflicts/replaces to that which was shipped in edgy, which was later than that in Debian (due to the ubuntuX). - Add sysv-rc dependency. - debian/ntp-server.postinst: - Remove stop script symlinks from rc0 and rc6. -- Mathias Gug Mon, 26 Nov 2007 15:42:41 -0500 ntp (1:4.2.4p4+dfsg-2) unstable; urgency=low * Disable checking of openssl library version. (Closes: #446710, #446711, #447431) Patch from Steve Langasek -- Kurt Roeckx Tue, 23 Oct 2007 18:39:47 +0200 ntp (1:4.2.4p4+dfsg-1) unstable; urgency=medium * New upstream release - Updated patches - Rebuilt for new OpenSSL version (closes: #446710) * Removed obsolete build dependency lynx (closes: #446722) * Added Homepage control field * Don't ignore errors from make distclean, as per lintian check * Downgraded perl dependency to Recommends (closes: #324559, #416875) * Removed useless directory /usr/lib/ from ntp package -- Peter Eisentraut Mon, 15 Oct 2007 13:59:34 +0200 ntp (1:4.2.4p3+dfsg-1) unstable; urgency=low [ Kurt Roeckx ] * New upstream release [ Peter Eisentraut ] * Removed mentions of -d and -D options from ntpd and ntpq man pages (closes: #427634, #428241) * Added reference from ntpdate man page to ntpdate-debian (closes: #427981) -- Kurt Roeckx Mon, 13 Aug 2007 15:58:08 +0000 ntp (1:4.2.4p0+dfsg-1ubuntu2) gutsy; urgency=low * Trigger rebuild for hppa -- LaMont Jones Thu, 04 Oct 2007 12:15:33 -0600 ntp (1:4.2.4p0+dfsg-1ubuntu1) gutsy; urgency=low * Merge from Debian unstable. * Remaining Ubuntu changes: - Update version in conflicts/replaces to that which was shipped in edgy, which was later than that in Debian (due to the ubuntuX). - Change default server to ntp.ubuntu.com. - Remove stop links from rc0 and rc6 - Call dh_installinit with --error-handler - Set Ubuntu maintainer address. -- Steve Kowalik Fri, 18 May 2007 22:41:56 +1000 ntp (1:4.2.4p0+dfsg-1) unstable; urgency=low [ Peter Eisentraut ] * New upstream release - Updated patches - ntpd usage message now shows debug option only if actually available (closes: #327347) - Dynamic interface scanning should work now (closes: #253597, #317250, #399905, #407216, #417468, #422861) * Added XS-Vcs-Browser field * Made ntpdate-debian handle empty ntp.conf better (closes: #413692) * Removed ntp-keygen-option.patch; options parsing has changed * Removed new upstream man pages, which are currently not as nice as the ones we already have. * Removed transition packages ntp-simple and ntp-refclock * Updated information about pool.ntp.org in ntp.conf * Disabled statsdir by default (closes: #316669) * Added "dynamic" option to default server entries in ntp.conf * Removed ntp.ifup; supplanted by dynamic interface rescanning (closes: #422860) [ Kurt Roeckx ] * Change ntpd-linux-caps.patch to also request CAP_NET_BIND_SERVICE. -- Peter Eisentraut Thu, 10 May 2007 14:52:48 +0200 ntp (1:4.2.2.p4+dfsg-2) unstable; urgency=low [ Peter Eisentraut ] * Removed obsolete logcheck entry * Improved formatting and fixed random whitespace in cron job [ Kurt Roeckx ] * Set a default restriction list for ipv6 too. (Closes: #411809) * Stop using dhcp provided servers on release and stop. Thanks to Torne (Closes: #411200) * Don't use the nomodify option for localhost. Modification is only allowed when authenticated, so having the nomodify option doesn't buy us anything. It just prevents the resolver slave process who does authenticate itself from properly working (Closes: #385334, #401847) * Make sure that we disable ntp-server for everybody. (Closes: #410383) -- Kurt Roeckx Sun, 4 Mar 2007 13:01:11 +0000 ntp (1:4.2.2.p4+dfsg-1ubuntu3) feisty; urgency=low * Rebuild for changes in the amd64 toolchain. * Set Ubuntu maintainer address. -- Matthias Klose Mon, 5 Mar 2007 01:23:22 +0000 ntp (1:4.2.2.p4+dfsg-1ubuntu2) feisty; urgency=low * Update version in conflicts/replaces to that which was shipped in edgy, which was later than that in Debian (due to the ubuntuX). LP: #73506. -- Scott James Remnant Tue, 28 Nov 2006 10:27:08 +0000 ntp (1:4.2.2.p4+dfsg-1ubuntu1) feisty; urgency=low * Merge from debian unstable, remaining changes: - change default server to ntp.ubuntu.com - remove stop links from rc0 and rc6 -- Scott James Remnant Mon, 27 Nov 2006 13:51:15 +0000 ntp (1:4.2.2.p4+dfsg-1) unstable; urgency=low * New upstream release - Fixes off-by-one error in compat getnameinfo() (closes: #387627) - Updated autotools.patch * Fixed watch file for mangled version number * Split out configure.ac hunk from autotools.patch into logical pieces - Removed error cache disabling code, which was nonfunctional from the start * Added web sites to package descriptions -- Peter Eisentraut Sat, 21 Oct 2006 16:34:35 +0200 ntp (1:4.2.2.p3+dfsg-1) unstable; urgency=medium * New upstream release - Updated copyright file - Updated autotools.patch, dfsg.patch * Check for existence of ntp user in init script only in start action * Handle failure to stop daemon in ntp.prerm (closes: #391352) * Added watch file * Added XS-X-Vcs-Svn field * Fixes for Hurd build (closes: #387665) (patches by Marc Dequènes and Kurt Roeckx) * Use server names sent by DHCP server if available (closes: #268328) * Added real man pages, transcribed from HTML documentation (closes: #84979, #201529, #343123, #388503) * Use dh_perl to calculate Perl dependencies * Split code.patch into more logical pieces * Removed obsolete msyslog.c patch * Removed obsolete dependencies: psmisc (killall no longer used), lsb-base for ntpdate (no longer has an init script) * Added script ntpdate-debian. This is identical to ntpdate but reads /etc/default/ntpdate automatically, allowing for centralized configuration. (closes: #147590, #372119, #392098) * Moved ntp.conf parsing logic to ntpdate-debian (closes: #392325) * Redirect error output of ntpdate.ifup to /dev/null (closes: #391819) * Added Replaces: logcheck-database (closes: #392562) -- Peter Eisentraut Sat, 14 Oct 2006 02:20:21 +0200 ntp (1:4.2.2+dfsg.2-3) unstable; urgency=high * Check ntp.conf existence before parsing it in /etc/default/ntpdate (closes: #388032) * Added version number to lsb-base dependency (closes: #388561) * Put back versioned Conflicts and Replaces for ntp-simple and ntp-refclock since we now have transition packages that need to be upgraded at the same time (closes: #389113) * Added Short-Description to init script LSB header * Remove ntpdate init script installation during upgrade (closes: #389089) * Removed -u from default ntpdate options, to avoid collisions with ntpd -- Peter Eisentraut Mon, 2 Oct 2006 19:47:47 +0200 ntp (1:4.2.2+dfsg.2-2) unstable; urgency=medium [ Branden Robinson ] * Soften ntp binary package's Conflicts and Replaces relationships with ntp-{refclock,server,simple} so that they are unversioned; a versioning expression is unnecessary as none of these exist now as dummy packages (and do not need to, as all depended directly or transitively on ntp itself). State that ntp Provides the three merged packages, so that packages depending on them are not spuriously blocked from upgrading before their dependencies are manually changed. (closes: #383212) [ Peter Eisentraut ] * Updated README.Debian's and package descriptions, reflecting that ntpdate is no longer necessary when ntp is installed * npdate is no longer started from an init script but instead by ifup (closes: #56499, #245338, #312576) * Run ntpdate from ifup in the background (closes: #321759, #375280, #382543) * Cleaned out package relationships with long-obsolete packages * Updated standards version * Also parse peer lines in ntp.conf from ntpdate.default (closes: #382311) * Added pointer in ntpdate.default where to find ntp.conf (closes: #386323) * Updated logcheck rules (closes: #305864) [ Julien BLACHE ] * debian/control: + Add ntp-refclock and ntp-simple transition packages (closes: #384857). * debian/ntp.init: + Remove adduser call from initscript (closes: #383666). [ Petter Reinholdtsen ] * Fixed init script LSB header dependency information (closes: #387002) -- Peter Eisentraut Fri, 15 Sep 2006 11:24:09 +0200 ntp (1:4.2.2+dfsg.2-1) unstable; urgency=low [ Peter Eisentraut ] * Set -g as default command-line option of ntpd (closes: #168585, #319776) * Added iburst option to default server lines (closes: #319776) * Initialize ntpdate server list from ntp.conf by default (closes: #376019) (patch by martin f krafft) * Do not run ntpdate init script on package installation or removal (closes: #363513, #378480) * Dropped build dependency on binutils; now covered by build-essential * Removed support for not logging through syslog (closes: #340781) * Disable old ntp-server init script during package configuration (closes: #380233) * Added note about upgrading in README.Debian [ Kurt Roeckx ] * Newly built upstream tarball: - Removed tty_clk_STREAMS.c and global.h * Make init script use $DAEMON, add $PIDFILE and use it. * Use invoke-rc.d in the ifup script instead of directly using /etc/init.d/ntp. -- Peter Eisentraut Wed, 9 Aug 2006 13:58:26 +0200 ntp (1:4.2.2+dfsg-1) unstable; urgency=low [ Peter Eisentraut ] * Consolidated patches using quilt * Merged ntp, ntp-server, ntp-simple, ntp-refclock into single package ntp (closes: #222369, #343131, #377578) * Removed conflict of ntpdate with chrony (closes: #322503) * Improved init scripts: - Added LSB-formatted dependency information (closes: #332848) - Added status option (closes: #319392) - Added support for /etc/default/ntp (closes: #316306, #158389, #309200) - Use LSB functions for messages (closes: #219193) * Retain cap_sys_chroot capability a while longer so that chroot works (closes: #308840) * Cron jobs parse /etc/ntp.conf to fetch current values of logfile and statsdir (closes: #177341, #318824) * Support DEB_BUILD_OPTIONS=noopt * Compile with -fno-strict-aliasing (closes: #316304) * Removed inactive comaintainers * Removed local clock section in default ntp.conf (closes: #262037) * Fixed typo in ntpdate man page -u option description (closes: #272528) * Fixed typographical errors in ntpd manual page (closes: #353803) * Added missing command-line options to ntpd man page (closes: #306460) [ Kurt Roeckx ] * Make ntp and ntpdate depend on netbase because they require /etc/services (Closes: #376295) * New upstream release, merge patches. * Remove all parts of the source that don't have a license on it or otherwise didn't meet the DFSG. As a result, the following clocks are no longer supported: wharton and neoclock4x (Closes: #328200) * Update the copyright file, and add all missing copyright notices and licences to it. * Add Depends on lsb-base, since the init scripts makes use of it now and it's not essential. * Always stop call the init script to stop the daemon in the postinst on configure. Older versions upto and including 1:4.2.0a+stable-8.2 could remove ntp-simple | ntp-refclock before ntp-server, and when ntp-server then tries to stop the daemon it doesn't find the binary and the init script doesn't do anything. -- Peter Eisentraut Fri, 14 Jul 2006 22:55:36 +0200 ntp (1:4.2.0a+stable-9ubuntu2) edgy; urgency=low * Remove stop script symlinks from rc0 and rc6. -- Scott James Remnant Fri, 15 Sep 2006 17:47:40 +0100 ntp (1:4.2.0a+stable-9ubuntu1) edgy; urgency=low * Resynchronise with Debian. -- Tollef Fog Heen Fri, 30 Jun 2006 16:02:07 +0200 ntp (1:4.2.0a+stable-9) unstable; urgency=low [ Peter Eisentraut ] * New maintainer address, new uploaders * Acknowledge NMUs (closes: #327012, #312331) * Added --oknodo option in init script (closes: #302127) * Changed --exec to --startas in init script * Fixed typo in init script (closes: #308496) * Resolved circular dependency between ntp-server and ntp-simple/ntp-refclock (closes: #365950) * Use pool.ntp.org vendor zone by default (closes: #349392, #269572) * Updated public NTP server list URL (closes: #320143) * Updated pool.ntp.org URL and information (closes: #322675) * Renamed debian/NEWS.Debian to debian/NEWS, so it gets installed by dh_installchangelogs (closes: #245612) * Fixed if-up.d/ntp-server to cope with ifrename (closes: #356211) [ Kurt Roeckx ] * Remove pre-sarge upgrade parts of the maintainer scripts. The files now only have debhelper generated things in them, so they got deleted: ntpdate.preinst, ntpdate.prerm, ntp-doc.prerm, ntp-server.preinst and ntp.postinst. This also really fixes #312331 be removing the code. -- Kurt Roeckx Sun, 18 Jun 2006 14:04:57 +0000 ntp (1:4.2.0a+stable-8.2) unstable; urgency=high * NMU * Avoid killing all ntpd processes on fresh installs of ntp-server (closes: #312331) -- Peter Eisentraut Tue, 6 Jun 2006 02:27:42 +0200 ntp (1:4.2.0a+stable-8.1ubuntu6) dapper; urgency=low * Call dh_installinit with --error-handler=true, which will prevent ntp-server's prerm and postinst from bombing out on upgrades from previous broken versions. ntp-{simple,refclock} still try to restart the server in their postinst, so it won't be left dead. -- Adam Conrad Mon, 29 May 2006 10:25:43 +1000 ntp (1:4.2.0a+stable-8.1ubuntu5) dapper; urgency=low * Attempt to create the ntp user in ntp-server's postinst, as the dependency loops between ntp-server and ntp-* means we have no way of knowing which gets configured first (launchpad.net/33351) -- Adam Conrad Sun, 28 May 2006 02:20:57 +1000 ntp (1:4.2.0a+stable-8.1ubuntu4) dapper; urgency=low * Hide output from ntpdate unless ifup is run with -v. -- Scott James Remnant Wed, 17 May 2006 22:45:19 +0100 ntp (1:4.2.0a+stable-8.1ubuntu3) dapper; urgency=low * Ignore errors from ntpdate, otherwise the interface might not come fully up. -- Scott James Remnant Wed, 8 Feb 2006 15:48:19 +0000 ntp (1:4.2.0a+stable-8.1ubuntu2) dapper; urgency=low * Remove ntpdate init script, instead install a script in /etc/network/if-up.d that sets the clock whenever we bring up a network interface. -- Scott James Remnant Wed, 4 Jan 2006 15:56:23 +0000 ntp (1:4.2.0a+stable-8.1ubuntu1) dapper; urgency=low * Resynchronise with Debian. * Use ntp.ubuntu.com rather than ntp.ubuntulinux.org. -- Colin Watson Tue, 1 Nov 2005 23:06:49 -0500 ntp (1:4.2.0a+stable-8.1) unstable; urgency=low * 0-day BSP NMU. * ntp_config.c: apply patch by Theppitak Karoonboonyanan to fix FTBFS (Closes: #327012). -- Christoph Berg Fri, 28 Oct 2005 15:33:37 +0200 ntp (1:4.2.0a+stable-8ubuntu2) breezy; urgency=low * Fix error message in ntp-server init script. (Closes: #14726) -- Fabio M. Di Nitto Fri, 09 Sep 2005 06:35:08 +0200 ntp (1:4.2.0a+stable-8ubuntu1) breezy; urgency=low * Resynchronise with Debian, resolving merge conflicts brought on by Debian incorporating some of our changes upstream. -- Adam Conrad Wed, 20 Apr 2005 04:18:50 +0000 ntp (1:4.2.0a+stable-8) unstable; urgency=medium * The "Well, I certainly could have done that better" version, featuring the maintainer's slightly red face. * Stricter dependencies for the run-as-user feature. Closes: #300207 -- Matthias Urlichs Fri, 18 Mar 2005 21:44:34 +0100 ntp (1:4.2.0a+stable-7) unstable; urgency=medium * Also set the user ID when restarting. Closes: #299904, #299874 - Thanks to Pär Andersson . -- Matthias Urlichs Thu, 17 Mar 2005 09:28:38 +0100 ntp (1:4.2.0a+stable-6) unstable; urgency=medium * Broken edit for ntpdate.ignore (logcheck). Closes: #299572, #299573 * Fix the FTBFS with GCC 4.0 in a way that doesn't break with earlier compilers. :-( Closes: #299572. - Make a few include files be self-skipping and self-complete. -- Matthias Urlichs Tue, 15 Mar 2005 11:09:52 +0100 ntp (1:4.2.0a+stable-5) unstable; urgency=low * Merged ubuntu update to no-root. -- Matthias Urlichs Mon, 14 Mar 2005 15:25:03 +0100 ntp (1:4.2.0a+stable-4) unstable; urgency=low * Merged Upstream fix for ntpdate IPv4/IPv6 problems. - Closes: #293793, #294636 * Install if-up.d/ntp-server in the correct directory. - Closes: #294971 * Merged ubuntu's no-root patch. - Closes: #298059, #296595, #282941 * Don't change the date when debugging ntpdate. - Closes: #286463 * Tell the user that "/etc/initd/ntp-server reload" is not possible. - Sort-of-Closes: #276216 * Cleanup init.d script. Closes: #295574 * Fix doc typos. Closes: #298226 * Remove /var/run/ntpd.pid when stopping the server. - Closes: #295553 * Document ntpdate's exit status. Closes: #298190. * Enhance ntpdate's logcheck rule. Closes: #283386 * Built against libreadline5. -- Matthias Urlichs Sat, 12 Mar 2005 06:16:39 +0100 ntp (1:4.2.0a+stable-3) unstable; urgency=low * Re-upload due to Debian FTP archive problems. -- Matthias Urlichs Tue, 25 Jan 2005 22:18:34 +0100 ntp (1:4.2.0a+stable-2) unstable; urgency=low * -dbg packages have been disabled. -- Matthias Urlichs Sun, 9 Jan 2005 15:56:42 +0100 ntp (1:4.2.0a+stable-1) unstable; urgency=medium * Workaround for ntpdate failing on IPv6 addresses with some kernels. - Thanks to Dan Merillat for tracking this down. - Closes: #249216. * Changed the upstream version name. "+bkYYYYMMDD" isn't what the version of a released program like ntpd should look like; people have been asking. -- Matthias Urlichs Sat, 8 Jan 2005 12:05:56 +0100 ntp (1:4.2.0a+bk20040620-4) unstable; urgency=medium * Pushing to Unstable. * Note: This release is based on the _stable_ Upstream version. * Turned off OpenSSL library compatibility test, it's nonsense. - Closes:#286913. -- Matthias Urlichs Thu, 23 Dec 2004 01:47:30 +0100 ntp (1:4.2.0a+bk20040620-3) experimental; urgency=low * Depend on perl-modules (for ntptrace). Closes:#276672. * Reworded clock interval explanation. Closes:#276213. * Note that the actual NTP server is in package "ntp-server". Closes:#273865. * Document dropped startup script run order. Closes:#240516. * Fix --help in ntptrace. Closes:#242629. * Add a (disabled) restart script to if-up.d. Closes:#247656. * fixed SIGFPE in ntp-keygen. * Remove superfluous {pre,post}{inst,rm} scripts -- Matthias Urlichs Sun, 14 Nov 2004 17:09:17 +0100 ntp (1:4.2.0a+bk20040620-2) experimental; urgency=low * Merge stable Upstream changes. * Add debugging symbol packages. -- Matthias Urlichs Sat, 25 Sep 2004 11:43:37 +0200 ntp (1:4.2.0a+bk20040620-1) experimental; urgency=low * Merge current stable Upstream -- Matthias Urlichs Mon, 21 Jun 2004 10:17:28 +0200 ntp (1:4.2.0a-12) unstable; urgency=low * Doc how to use multiple servers in ntp.default. - Closes: #264569: please document format of NTPSERVERS option -- Matthias Urlichs Mon, 9 Aug 2004 19:57:58 +0200 ntp (1:4.2.0a-11ubuntu3) hoary; urgency=low * ntpd/ntpd.c: - Revert the hardcoded root dropping parameters from previous version. This is now done in init script. - Bugfix: If group was specified as name, previous versions erroneously used the uid as gid. * debian/ntp-server.init.d: - Run as user/group ntp by default (previously hardcoded in ntpd.c). - Already determine the uid/gid of 'ntp' instead of doing it in ntpd.c (for some reason this fails directly after boot). (Ubuntu #5399) - Add -e to interpreter to stop on errors. - append "/usr/bin/" to PATH setting (for getent and cut). -- Martin Pitt Mon, 14 Mar 2005 13:24:46 +0100 ntp (1:4.2.0a+stable-4) unstable; urgency=low * Merged Upstream fix for ntpdate IPv4/IPv6 problems. - Closes: #293793, #294636 * Install if-up.d/ntp-server in the correct directory. - Closes: #294971 * Merged ubuntu's no-root patch. - Closes: #298059, #296595, #282941 * Don't change the date when debugging ntpdate. - Closes: #286463 * Tell the user that "/etc/initd/ntp-server reload" is not possible. - Sort-of-Closes: #276216 * Cleanup init.d script. Closes: #295574 * Fix doc typos. Closes: #298226 * Remove /var/run/ntpd.pid when stopping the server. - Closes: #295553 * Document ntpdate's exit status. Closes: #298190. * Enhance ntpdate's logcheck rule. Closes: #283386 * Built against libreadline5. -- Matthias Urlichs Sat, 12 Mar 2005 06:16:39 +0100 ntp (1:4.2.0a-11ubuntu2) hoary; urgency=low * Run ntpd as normal user (with CAP_SYS_TIME) instead of root * ntpd/ntpd.c: - activate root dropping to user and group "ntp" - add runtime check whether the kernel really supports capabilities; do not drop root privileges if not - do not set CAP_SYS_TIME as inheritable * debian/rules: - configure with --enable-linuxcaps * debian/control, packages ntp-simple/ntp-refclock: - add "adduser" dependency * debian/ntp-{simple,refclock}.postinst: - create system user and group "ntp" - chown /var/lib/ntp and /var/log/ntpstats to ntp:ntp to allow ntpd to write into them - restart the server (for the case that ntp-server's postinst ran before ntp-{simple,refclock}'s) * debian/ntp-{simple,refclock}.postrm: - remove user and group ntp on package purge -- Martin Pitt Thu, 25 Nov 2004 15:23:53 +0100 ntp (1:4.2.0a+stable-3) unstable; urgency=low * Re-upload due to Debian FTP archive problems. -- Matthias Urlichs Tue, 25 Jan 2005 22:18:34 +0100 ntp (1:4.2.0a+stable-2) unstable; urgency=low * -dbg packages have been disabled. -- Matthias Urlichs Sun, 9 Jan 2005 15:56:42 +0100 ntp (1:4.2.0a+stable-1) unstable; urgency=medium * Workaround for ntpdate failing on IPv6 addresses with some kernels. - Thanks to Dan Merillat for tracking this down. - Closes: #249216. * Changed the upstream version name. "+bkYYYYMMDD" isn't what the version of a released program like ntpd should look like; people have been asking. -- Matthias Urlichs Sat, 8 Jan 2005 12:05:56 +0100 ntp (1:4.2.0a+bk20040620-4) unstable; urgency=medium * Pushing to Unstable. * Note: This release is based on the _stable_ Upstream version. * Turned off OpenSSL library compatibility test, it's nonsense. - Closes:#286913. -- Matthias Urlichs Thu, 23 Dec 2004 01:47:30 +0100 ntp (1:4.2.0a+bk20040620-3) experimental; urgency=low * Depend on perl-modules (for ntptrace). Closes:#276672. * Reworded clock interval explanation. Closes:#276213. * Note that the actual NTP server is in package "ntp-server". Closes:#273865. * Document dropped startup script run order. Closes:#240516. * Fix --help in ntptrace. Closes:#242629. * Add a (disabled) restart script to if-up.d. Closes:#247656. * fixed SIGFPE in ntp-keygen. * Remove superfluous {pre,post}{inst,rm} scripts -- Matthias Urlichs Sun, 14 Nov 2004 17:09:17 +0100 ntp (1:4.2.0a+bk20040620-2) experimental; urgency=low * Merge stable Upstream changes. * Add debugging symbol packages. -- Matthias Urlichs Sat, 25 Sep 2004 11:43:37 +0200 ntp (1:4.2.0a-12) unstable; urgency=low * Doc how to use multiple servers in ntp.default. - Closes: #264569: please document format of NTPSERVERS option -- Matthias Urlichs Mon, 9 Aug 2004 19:57:58 +0200 ntp (1:4.2.0a-11ubuntu1) hoary; urgency=low * Resynchronise with Debian. -- Scott James Remnant Wed, 27 Oct 2004 13:54:06 +0100 ntp (1:4.2.0a-11) unstable; urgency=low * Fix building on non-Linux Debian systems. - Closes: #257769 * Require psmisc. - Closes: #261299: uses killall but doesn't reference psmisc Thanks to Martin Michlmayr . -- Matthias Urlichs Tue, 6 Jul 2004 05:26:07 +0200 ntp (1:4.2.0a-10ubuntu2) warty; urgency=low * Use ntp.ubuntulinux.org instead of pool.ntp.org -- Matt Zimmerman Mon, 11 Oct 2004 16:10:27 -0700 ntp (1:4.2.0a-10ubuntu1) warty; urgency=low * Added versioned depend on lsb-base * debian/ntpdate.init.d,ntp-server.init.d: pretty initscripts -- Nathaniel McCallum Fri, 3 Sep 2004 15:12:27 -0400 ntp (1:4.2.0a-10) unstable; urgency=medium * Kill spuriously-running servers when updating. - Closes: #245587 * Put ntpdate's -u option into /etc/default/ntpdate, not init.d. - Closes: #250769 * Remove bashism (test ... -a ...) in ntpdate.preinst. - Closes: #253010 * ntpdate: debug flag should not not change behavior - Closes: #253571 * Updated README.Debian. - Closes: #207680 * Changed obsolete "authenticate no" in ntp.conf to "disable auth". - Closes: #255450 * Changed stratum of computer's clock from 10 to 13; added a note to use 10 on exactly *one* local server. -- Matthias Urlichs Mon, 21 Jun 2004 10:10:51 +0200 ntp (1:4.2.0a+bk20040620-1) experimental; urgency=low * Merge current stable Upstream -- Matthias Urlichs Mon, 21 Jun 2004 10:17:28 +0200 ntp (1:4.2.0a-9) unstable; urgency=low * Don't install two changelogs - Closes: #242929 -- Matthias Urlichs Tue, 20 Apr 2004 11:45:47 +0200 ntp (1:4.2.0a-8) unstable; urgency=medium * Typo in start-stop-daemon calls - Source management systems only work if you use them correctly :-/ - Closes: #242804 -- Matthias Urlichs Fri, 9 Apr 2004 06:00:31 +0200 ntp (1:4.2.0a-7) unstable; urgency=low * Manpage ntp.conf.5 ended up in man1 instead of man5. - Closes: #242433 -- Matthias Urlichs Thu, 8 Apr 2004 08:48:32 +0200 ntp (1:4.2.0a-6) unstable; urgency=low * NEWS.Debian: Document a change to the "noserve" configuration option which can adversely affect existing configurations. - Closes: #240851 * ntp.conf: .htm => .html. - Closes: #241187 (as this restores a deleted /etc/ntp.conf file) * Use --pidfile, not --exec, to stop the NTP server. - Closes: #240741 -- Matthias Urlichs Mon, 29 Mar 2004 20:33:21 +0200 ntp (1:4.2.0a-5) unstable; urgency=medium * Added stub manpage for ntp.conf (points to HTML documentation). - Closes: #240479 * Rearranged Bug close entries to no longer be right-adjusted. * ntp-server.preinst had "update", not "upgrade". Feh. - Closes: #239138 (again) -- Matthias Urlichs Sat, 27 Mar 2004 19:37:13 +0100 ntp (1:4.2.0a-4) unstable; urgency=high * The "I forgot to turn my brain on" release. - _Really_ remove old init scripts more cleanly. - Closes: #239487 -- Matthias Urlichs Tue, 23 Mar 2004 06:50:26 +0100 ntp (1:4.2.0a-3) unstable; urgency=high * Remove old init scripts more cleanly. - Closes: #239292 - this also fixes the thinko in ntp-server.postrm -- sorry . which is the reason for urgency=high . Closes: #239283 * Remove old cron.{daily,weekly} entries. - instead of purging, rename them to "OLDNAME.dpkg-old" - Closes: #239138,239294 -- Matthias Urlichs Mon, 22 Mar 2004 08:43:15 +0100 ntp (1:4.2.0a-2) unstable; urgency=medium * Build-Depend on libssl-dev for ntp-keygen - Closes: #238829 * Debian diff now generated with help from autotools 1.7 files, not 1.8 * Remove /etc/init.d/ntp-simple, ntp-refclock - Closes: #192769,239009 * Moved a few manpage stubs to the correct package -- Matthias Urlichs Sat, 20 Mar 2004 09:13:51 +0100 ntp (1:4.2.0a-1) unstable; urgency=low * Changed Distribution to Unstable. - Closes: #237248 -- Matthias Urlichs Mon, 15 Mar 2004 02:08:14 +0100 ntp (1:4.2.0a-0.1) experimental; urgency=low * Update to new Upstream version 4.2.0a. - Upstream has implemented a patch for #213629, with different flags. :-/ * Added a short blurb to ntp.conf to please participate in pool.ntp.org if possible. * Added a missing "exit 0" line to a few {pre,post}{inst,rm} calls. * Rename /etc/default/ntp-servers => ntpdate in preinst, not postinst. - plus several minor maintainer script clean-ups. * Based on suggestions from jdthood@yahoo.co.uk: - Updated the descriptions in debian/control. - init.d/ntpdate still works if default/ntpdate is deleted, as per Policy. -- Matthias Urlichs Thu, 4 Mar 2004 09:29:57 +0100 ntp (1:4.2.0-0.7) experimental; urgency=low * ntpdate.postinst: rename /etc/default/ntp-servers to .../ntpdate. -- Matthias Urlichs Sun, 15 Feb 2004 03:44:06 +0100 ntp (1:4.2.0-0.6) experimental; urgency=low * Fix document list in ntp-doc (.htm => .html). - Closes: #229575 * Rearrange files between ntp-server (code which needs to run on the host the server is running on) and ntp (ntpq, ntptime et al., which can access a remote server) - Mangled debian/control a bit, be (hopefully) more clear about this distinction. - "ntp" now only has programs that can run remotely, so no longer depend on "ntp-server". * Implemented suggestions from Jari Aalto: - move /etc/default/ntp-servers to /etc/default/ntpdate. . Closes: #230970 - allow setting additional options like "-v" there. . Closes: #230972 * Another "Oh, so that's already fixed" bug. - Closes: #230994 -- Matthias Urlichs Tue, 3 Feb 2004 17:18:40 +0100 ntp (1:4.2.0-0.5) experimental; urgency=low * Actually ship /etc/ntp.conf and /etc/default/ntp-servers files. Duh. - While we're at it, take the easy way out and create a separate package for the common server parts (init script, cronjobs, ...) . Closes: #146275 * Documented "ntpd -n". - Closes: #94975 * Ship logcheck ignore files for time adjust messages. - Closes: #192434 * Found more bugs which are closed by the 4.2.0-0.[1-4] updates. - Closes: #94667,#63794,#185324,#187065,#174012 - Also closes: #146275,#157301,#167151 * ... and some which have been closed before, but been overlooked. - Closes: #45231,#108827 -- Matthias Urlichs Wed, 21 Jan 2004 00:16:35 +0100 ntp (1:4.2.0-0.4) experimental; urgency=low * Implemented patch for -U and -R . - original NTP patch used -T for the latter, but that's now taken by upstream. - Closes: #213629 * Merged the current stable Upstream: D 1.1186 04/01/10 02:27:07-05:00 stenn@pogo.udel.edu 2179 2175 2/0/1 , which contains a few minor bug fixes, including the not-so-minor - Matthias Drochner: uninitialized memory in ntp-keygen can lead to crashes. -- Matthias Urlichs Tue, 23 Dec 2003 19:55:23 +0100 ntp (1:4.2.0-0.3) experimental; urgency=low * Added (commented-out) broadcastclient statement to ntp.conf. - Closes: #211494 -- Matthias Urlichs Tue, 23 Dec 2003 19:55:23 +0100 ntp (1:4.2.0-0.2) experimental; urgency=low * The "too many bugs closed" release. * Change /etc/ntp.conf and /etc/default/ntp-servers to be conffiles; no longer use debconf. - Closes: #201254,#185028,#188987,#192769 - Also closes: #188987,#135563,#138973,#175557,#181824 * Changed default trust parameters. - Closes: #225852 * Old bugs: - Cleanup /var/lib/ntp and /var/log/ntpstats on purge . Closes: #164761 - Bind to each interface address separately . Closes: #209054 -- Matthias Urlichs Tue, 23 Dec 2003 19:55:23 +0100 ntp (1:4.2.0-0.1) experimental; urgency=low * New stable upstream version. From the Upstream NEWS file: - IPv6 support . Closes: #200250 - Bugfixes - call-gap filtering - wwv and chu refclock improvements - OpenSSL integration * Other noteworthy Upstream fixes: - No longer links the daemon to libcurses. . Closes: #221742 - "ntptimeset" is disabled upstream (has compiler errors). . Closes: #139636 * Debian packaging: - Use separate subdirectories for building the -simple and -refclock server versions. - Added prerm scripts (debconf purge). - Switch to debhelper 4 compatibility. - Remove /var/log/ntpstats and /var/lib/ntp on purge . Closes: #164761 - Check whether /etc/default/ntp-servers actually . Closes: #185028 has an NTPSERVERS= entry before using it. - debian/rules no longer install-stamps, so "debuild -nc" works. * Other changes: - Disable IP error cache, as it never gets flushed. . Closes: #117276 -- Matthias Urlichs Wed, 12 Nov 2003 14:11:00 +0100 ntp (1:4.1.2a-2) unstable; urgency=low * bubulle@debian.org: debian/po/templates.pot was missing. - Closes: #220031 * duck@duckcorp.org: not everybody has sys/var.h -- Matthias Urlichs Tue, 11 Nov 2003 08:51:16 +0100 ntp (1:4.1.2a-1) unstable; urgency=low * Updated to current stable upstream version: 4.1.2a. * The original tarball is now created from upstream's Bitkeeper archive: Autogenerated files are added by debian/rules, in the "clean" target. * Jochen Friedrich : - configure.in: explicitly check for ntp_gettime() * Updated Standards-Version: to 3.6.1 (no changes) * Added Japanese debconf templates from Kenshi Muto . - Closes: #210734 * Converted debconf to gettext style. -- Matthias Urlichs Wed, 10 Sep 2003 02:38:28 +0200 ntp (1:4.1.2-2) unstable; urgency=low * changed maintainer to debian-ntp list with list of uploaders * better package description for ntp-doc; closes: #210118 -- Bruce Walker Wed, 1 Oct 2003 12:10:45 -0400 ntp (1:4.1.2-1) unstable; urgency=low * new upstream version * new maintainer * incorporated patch to ntp-genkeys to put the key file in a reasonable place (/var/lib/ntp), from Jochen Friedrich closes: #138887, #147544, #157332 * pruned some old diffs which no longer seem necessary -- Bruce Walker Mon, 29 Sep 2003 14:54:16 -0400 ntp (1:4.1.1b-4) unstable; urgency=low * patch to configure.in from Jochen Friedrich to fix FTBFS on alpha, closes: #191310 * fix another README.Debian typo, closes: #180941 * update ntpdate init.d so that restart and reload will slew instead of stepping the clock, which is safer after boot. closes: #180947 * move ntp-doc to section doc to match ftp admin's overrides file -- Bdale Garbee Mon, 18 Aug 2003 14:26:28 -0600 ntp (1:4.1.1b-3) unstable; urgency=low * fix up init.d references in crontabs and usage messages to reflect name changes made in -1, closes: #174646 -- Bdale Garbee Sun, 29 Dec 2002 14:13:30 -0700 ntp (1:4.1.1b-2) unstable; urgency=low * add config.sub/guess update to debian/rules clean target, closes: #174562 * a few lintian-inspired cosmetic tweaks -- Bdale Garbee Sun, 29 Dec 2002 00:53:11 -0700 ntp (1:4.1.1b-1) unstable; urgency=low * new upstream version, closes: #156456 * trim down build-depends to remove items no longer used * change template text to be more accurate, closes: #139247 * add --enable-LOCAL-CLOCK to the ntp-simple version of the daemon, and add debconf support for enabling local clock as a stratum 10 reference, closes: #147846, #150554, #173958 * add info to README.Debian documenting the use of UDP socket 123 by NTP for folks who live behind firewalls, closes: #93424 * let /etc/init.d script names match package names for ntp-simple and ntp-refclock to fix removal problem. eliminate postrm scripts for both packages, since ntp.conf can get removed at bad times. need to revisit conf handling again someday... closes: #164760, #171577 * added .preinst scripts to -simple and -refclock packages to move /etc/init.d/ntp to new naming on upgrades from old versions. * provide explicit PATH setup in init.d scripts, closes: #169951 * fix typo in README.Debian file, closes: #170757 * add --oknodo to start-stop-daemon invocation in cron.weekly scripts so (ana)cron aren't overly noisy if the daemon isn't running, closes: #165877 -- Bdale Garbee Fri, 27 Dec 2002 01:33:33 -0700 ntp (1:4.1.0-8) unstable; urgency=low * move to US main! Yippee! -- Bdale Garbee Sat, 23 Mar 2002 00:22:31 -0700 ntp (1:4.1.0-7) unstable; urgency=medium * remove inactive cruft (thanks to a typo) from the ntpdate postinst that shouldn't be there anyway, closes: #137488 * add --enable-SHM to configure for the ntp-refclock version of the daemon, to also support clocks attached through shared memory, closes: #135754 * freshen content in README.Debian to include information about the debconf support and /etc/default/ntp-servers, the URL for the public list of NTP servers, plus other updates. closes: #135159, #117287 * harden ntpdate's init.d script to deal with /etc/default/ntp-servers not existing, closes: #137130 -- Bdale Garbee Sat, 9 Mar 2002 11:26:32 -0700 ntp (1:4.1.0-6) unstable; urgency=medium * oops. fix the ntpdate postinst fix so it creates /etc/default/ntp-servers on initial installs, too. /o\ closes: #117162 -- Bdale Garbee Sun, 24 Feb 2002 10:58:21 -0700 ntp (1:4.1.0-5) unstable; urgency=medium * fix ntpdate postinst to not trash changes in /etc/default/ntp-servers, using patch from Petter Reinholdtsen , closes: #117162 * update package description to point everyone building a reference clock to the ntp-refclock package, not just radio clock owners, closes: #126412 * change ntp-simple.config and ntp-refclock.config so that dpkg-reconfigure works as expected -- Bdale Garbee Sat, 16 Feb 2002 00:46:37 -0700 ntp (1:4.1.0-4) unstable; urgency=medium * update build dependencies, closes: #115089 * apply patches for hurd-i386, closes: #115260 * incorporate german templates, closes: #114830, #114831 * recraft debconf processing to preserve manual changes made to /etc/default/ntp-servers, closes: #117162, #117607 * I can't reproduce the problem reported with dpkg-reconfigure after updating the maintainer scripts, closes: #120634 * make ntpdate's init.d be silent if no NTP servers are configured, closes: #113488, #37946, #79262, #117447 * clean out /etc/cron.*/ntp files left from prior versions, closes: #117610 * apply patch from Colm Buckley to address problem with broadcast NTP, closes: #122552, #117912, #117626 -- Bdale Garbee Thu, 13 Dec 2001 16:27:39 -0700 ntp (1:4.1.0-3) unstable; urgency=medium * fix version in ntp-simple/ntp-refclock replaces to avoid overlap errors during upgrades, closes: #111484, #111550 * update text in debconf templates to not be misleading, closes: #111552 * change non-us to non-US in control file to squelch override warnings -- Bdale Garbee Sun, 23 Sep 2001 23:38:35 -0600 ntp (1:4.1.0-2) unstable; urgency=medium * add debconf support, borrowing lightly from the Progeny implementation, and examples in other Debian packages. The list of servers to be used by ntpd and ntpdate are now shared. A side effect of debconf support is use of /etc/default/ntp-servers, which means /etc/init.d/ntpdate no longer needs to be modified by hand. The admin may optionally do it all manually. closes: #34704, #36323, #37703, #52999, #57289, #57603, #66296 closes: #66573, #67276, #83654, #86209 * change ntp-refclock to priority extra * fix epochs in control file and add replaces, closes: #109170, #109381 * fix bogus conflict between ntp and ntp-refclock left over from a previous design for the package restructuring, closes: #109247 * ntp-simple and ntp-refclock made self-sufficient with respect to config files, and suggest ntp. this allows a very small filesystem footprint if all you really want is a daemon. most users are expected to pick the ntp package, which depends on ntp-simple or ntp-refclock, with the combination providing the mix of clients and daemon older pre-split ntp packages provided. closes: #110583 * move to non-us since libssl-dev used for authentication, closes: #109127 * arrange for ntp.conf to be deleted on purge, closes: #58804 -- Bdale Garbee Fri, 31 Aug 2001 16:37:54 -0600 ntp (1:4.1.0-1) unstable; urgency=medium * new upstream version, closes: #64951, #67562, #67744, #72321 * split the package. ntp now depends on either ntp-simple or ntp-refclock to deliver the actual daemon. The simple version uses minimal memory, the refclock version includes all the drivers for radio clocks. closes: #52903, #98484, #56991 * eliminate the xntp3 package, since it existed to smooth upgrades to potato, and should no longer be needed when woody releases * change perl5 suggestion to perl * add build dependency on libssl-dev for authentication support * no longer requires oddball autoconf version, closes: #90969 * this version may build correctly on the hurd, not closing 90974 until confirmation is received, though. * config.* in this version seem fresh enough, closes: #95741 * upstream fixed various problems by not using threads on Linux, closes: #102403, #102115, #94617, #64744, #94102, #93131 * disable debugging since to reduce log file spew, closes: #100347 * prerm is now entirely debhelper glue with appropriate sanity checks, closes: #63157 * patch libntp/msyslog.c for possible buffer overflow, closes: #72965 * fix typos in ntpd.1, closes: #75681, #81054 * fix spelling errors in ntpd.1, closes: #107761 * make ntptrace report if specified host is not found, closes: #98152 * remove cleanup code from ntp-doc postinst, since it can cause problems and hasn't been relevant since 1999. Closes: #99035, #94366 * modify ntpdate init.d to run ntpdate on restart and force-reload too, closes: #75208, #55942 * add -u to ntpdate init.d to use unpriveledged port, closes: #77329 * move the ntpdate init.d invocation as early as possible in the boot sequence, closes: #80564 * working on debconf support, uploading before it's ready since so much else is fixed by this newer version! -- Bdale Garbee Thu, 16 Aug 2001 17:08:44 -0600 ntp (1:4.0.99g-3) unstable; urgency=high * apply patch from the NTP hackers list to fix buffer overflow with the potential for remote root exploits. patch will cause the daemon to log attempted exploits. * add an include of to quickly get around the changes in time header files with recent glibc's, back this out on the next upstream release? -- Bdale Garbee Wed, 4 Apr 2001 17:32:04 -0600 ntp (1:4.0.99g-2) frozen unstable; urgency=low * target frozen since these are release-critical bugs * make ntpdate replace xntp and xntp3, since it may install before or instead of ntp, resulting in a file overlap, closes: #61333 * make ntp/ntpdate/xntp3 conflict with chrony, since otherwise they fight over UDP port 53, closes: #61500 -- Bdale Garbee Wed, 5 Apr 2000 01:08:42 -0600 ntp (1:4.0.99g-1) frozen unstable; urgency=low * target frozen since the xntp3 thing is release-critical * roll the epoch, since it is the cleanest way to have the xntp3 meta package exist to help with the xntp3->ntp rename, closes: #59090 * move to a fresher upstream snapshot to get various bug fixes, no changes to functionality we use, closes: #57659, #57816, #58400, #59154, #56551 * put some information in the README.Debian about how to have a machine use its own clock as a reference for isolated machine clusters * stop having ntp-doc drop symlinks into the ntp and ntpdate doc directories, since it prevents them from being removed cleanly, closes: #59861 -- Bdale Garbee Sun, 12 Mar 2000 21:34:25 -0700 ntp (4.0.99c-1) frozen unstable; urgency=low * change the xntp3 dependencies from suggest to depend so they're useful in the context of apt, and remove the conflicts that are keeping the meta package from being useful. Target frozen since the meta package was added for potato, and is useless without this change given how apt treats suggestions. Closes: #56822 * include some information about hwclock in README.Debian, closes: #56755 * pick up 4.0.99c upstream, since all the changes relevant to us appear to be documentation fixes, and they seem worth having. Closes: #56598 * add a few touches to the rules file to keep the build process from running autoconf and friends out of timestamp confusion. -- Bdale Garbee Fri, 4 Feb 2000 00:00:24 -0700 ntp (4.0.99b-1) frozen unstable; urgency=low * new upstream release, minor bug fixes only, another release candidate, closes: #55213, #55639 * fix redirection in the cron.daily, so that ntp isn't obnoxious if the stats logging has been turned off in ntp.conf, closes: #55488, #55339 -- Bdale Garbee Wed, 19 Jan 2000 23:01:19 -0700 ntp (4.0.99-2) unstable; urgency=low * add to Build-Depends, closes: #55086 -- Bdale Garbee Fri, 14 Jan 2000 23:36:12 -0700 ntp (4.0.99-1) unstable; urgency=low * new upstream version, release candidate, closes: #54974 * improve robustness of cron.daily fragment, and comment the non-obvious things in the cron.daily file itself. Closes: #54538, #54763 * upgrade to newer ntpsweep from comp.protocols.time.ntp, closes: #55059 -- Bdale Garbee Fri, 14 Jan 2000 10:25:24 -0700 ntp (4.0.98m-2) unstable; urgency=low * fix silly dependency on sudo in cron.daily resulting from a cut'n'paste not completely thought through, closes: 54538 -- Bdale Garbee Sun, 9 Jan 2000 10:40:38 -0700 ntp (4.0.98m-1) unstable; urgency=low * new upstream source, closes: #54262 * upgrade to latest standards, add Build-Depends -- Bdale Garbee Fri, 7 Jan 2000 20:18:15 -0700 ntp (4.0.98k-1) unstable; urgency=low * new upstream source, ntpsweep now included upstream, closes: #53858, #54168 * add xntp3 meta-package to facilitate slink->potato upgrades since package names changed, closes: #53532 * the cron.weekly/ntp script deletes files in /var/log/ntpstats that are older than a week. this means that at most 2 weeks of daily stats files have been present at any given time. since deleting these old stats file does not require daemon cycling, I'm moving this to a cron.daily so only a week of files will be present. Closes: #53598 * while I'm messing with log rotation, modify cron.weekly to invert the nesting of the conditions. This way, if there is no logfile definition in /etc/ntp.conf, and ntpd is therefore using syslog(), we won't kill and restart the daemon to rotate the non-existent log file. * update configure-ntp to comment-out the logfile definition so that ntpd will use syslog, and not require cycling weekly for log file rotation. This will cause ntpd logging to end up in daemon.log, since we do not have a LOG_NTP facility at this time, forcing ntpd to use LOG_DAEMON. Wishlist bug filed against libc6-dev asking for a LOG_NTP. Leave the cron.weekly alone, and don't do anything automatic to remove the logfile entry from /etc/ntp.conf... but add a note to README.Debian explaining the choices. -- Bdale Garbee Thu, 6 Jan 2000 20:38:52 -0700 ntp (4.0.98h-2) unstable; urgency=medium * add text to ntpdate's README.Debian explaining when ntp may be a better choice * add ntpsweep Perl script from Hans Lambermont from comp.protocols.time.ntp, craft a manpage so it complies with policy -- Bdale Garbee Mon, 27 Dec 1999 10:33:57 -0700 ntp (4.0.98h-1) unstable; urgency=medium * new upstream source, fixes the "multiple servers with ntpdate" hang * patch from Zack Weinberg to reduce ntpd's memory footprint, and quiet some of the compiler warnings, closes: #52902 * the images in the documentation are much smaller now, closes: #46534 -- Bdale Garbee Mon, 20 Dec 1999 02:20:33 -0700 ntp (4.0.98g-1) unstable; urgency=low * new upstream source, closes: #52718 * apply patch for /tmp usage in refclock_true from Topi Miettinen, since upstream seems uninterested, and Topi has convinced me this is worth fixing. closes: #26062 -- Bdale Garbee Wed, 15 Dec 1999 14:09:26 -0700 ntp (4.0.98f-2) unstable; urgency=low * apply patch from Roman that may finally fix the compile problems on m68k still using glibc2.0, closes: #50433 * document in README.Debian for the ntp package the need to include support for enhanced real-time clock in the kernel build for SMP machines. * add code to ntp-doc postinst to clean up old/broken /usr/doc/ntp-doc symlinks, closes: #51024 -- Bdale Garbee Sun, 12 Dec 1999 18:14:54 -0700 ntp (4.0.98f-1) unstable; urgency=low * new upstream source, closes: #49877 * upstream maintainer uninterested in changing /tmp file usage, since there is no clear problem with what is there, so no point in our keeping the bug open... closes: #26062 * hardware clock handling is different in v4, and even more different if the nanosecond timing patches are in use in the kernel. I think what ntp is doing now is correct. closes: #12181 * I have never been able to reproduce the sigint failure during name resolution reported ages ago, even when I worked hard to get slow name service. I see no point in keeping the bug open. closes: #18723 * include ntpdate manpage from Fabrizio Polacco, closes: #50329 * include ntpd manpage from Peter Breuer, closes: #50462 * quick hack to see if we can fix the ntptimeval lossage in glibc2.0, closes: 50433 -- Bdale Garbee Sat, 20 Nov 1999 23:51:34 -0700 ntp (4.0.98d-1) unstable; urgency=low * building ntptime again, closes: #43839 * new upstream version, closes: #49102, #48944 * fix dependencies for ntpdate so that upgrading from prior version works, since ntptimeset appeared briefly in ntp before moving to ntpdate, closes: #49275 * fix paths in ntp-doc postinst symlink creation for FHS, closes: #47011 * add text to init.d on restart, closes: #47048 * man page paths were fixed in 4.0.98a-1, closes: #49230 -- Bdale Garbee Fri, 5 Nov 1999 23:50:54 -0700 ntp (4.0.98a-1) unstable; urgency=low * new upstream source, closes: #45472, #45403, #44622 * fix error in Debian-specific man page sources, closes: #43833 * FHS compliance * put ntptimeset, a "new" alternative to ntpdate from CMU that just appeared in the ntp upstream sources, into the ntpdate package. * minor tweaks to achieve a clean lintian report * remove text display from postinst to satisfy policy -- Bdale Garbee Sun, 19 Sep 1999 14:32:28 -0600 ntp (4.0.97c-1) unstable; urgency=low * new upstream source * add doc-base support to the ntp-doc package, closes: #37016 * move ntpq, ntpdc, and ntptrace from /usr/sbin to /usr/bin, closes: #43298 -- Bdale Garbee Sat, 28 Aug 1999 21:53:04 -0600 ntp (4.0.97a-1) unstable; urgency=low * new upstream version, closes: #41724, #43024, #43025, #43026, #38074, #43202, #43446 -- Bdale Garbee Wed, 25 Aug 1999 21:02:12 -0600 ntp (4.0.92f-1) unstable; urgency=low * new upstream version, closes 36227 * fix typo in ntpdate init.d, closes 36215 * fix test in ntp-doc postinst to work when ntpdate is not installed, closes 36214, 36211 -- Bdale Garbee Sun, 18 Apr 1999 14:14:58 -0600 ntp (4.0.92e-1) unstable; urgency=low * new upstream version kernel pll correctly recognized in 2.2 kernels, closes 32913 memory leak believed fixed in this version, closes 33762 * fix configure-ntp to make postinst text less confusing on initial install, closes 35869. * eliminate duplicate daemon start on initial install in postinst * fix configure-ntp to create ntp.conf with the right log file, closes 35621 * move ntp-doc symlink management from rules file to ntp-doc postinst and prerm to eliminate dangling symlinks, closes 35440 * update rules file to remove htmlprimer.htm from ntp-doc, closes 35489 -- Bdale Garbee Thu, 15 Apr 1999 23:11:30 -0600 ntp (4.0.91-3) unstable; urgency=low * trivial tweaks to the init.d scripts for ntp and ntpdate to better conform with policy, closes 32869 -- Bdale Garbee Thu, 4 Feb 1999 23:16:35 -0700 ntp (4.0.91-2) unstable; urgency=low * fix typo in ntpdate's postinst, closes 32372 * tweak ntp's weekly cron to eliminate extra mail to root, closes 32461 -- Bdale Garbee Wed, 27 Jan 1999 13:58:56 -0700 ntp (4.0.91-1) unstable; urgency=low * new upstream version - these packages replace xntp3 and xntp3-doc! * ntp-doc does not include the html primer, closes 25752 * ntp-doc has been updated substantially, 24270 appears to be fixed * packages renamed to match change in upstream source * split package to allow ntpdate usage without needing ntpd, closes 26557 * enable more types of hardware clocks, closes 30989 * create a "null" manpage for all the executables that directs users to the ntp-doc package * reworked the init.d/ntp.conf/etc stuff significantly, closes 30574, * add some text to the postinst for ntpdate, closes 21320 * fix init.d messages to comply with standard, closes 29618, 23493, 23499, 23517, 23518 * apply fix for insecure /tmp file usage in one debugging mode, which would close 26062... but I'm going to forward it upstream and wait for a reply before closing it. -- Bdale Garbee Sun, 17 Jan 1999 15:05:18 -0700 xntp3 (5.93-3) unstable; urgency=low * add dependency on awk, which is used in the postinst, closes 24821 * tweak postinst to fix problem with comments in ntp.conf breaking the ntpdate call in init.d, closes 22796 * add patch to ntp_io.c to report exceeding max number of bindable interfaces in xntpd, closes 23145 * update postinst to be more graceful if no NTP servers are specified, closes 24268 * update postrm to be more robust -- Bdale Garbee Mon, 3 Aug 1998 23:00:24 -0600 xntp3 (5.93-2) frozen unstable; urgency=low * fix prerm to gracefully handle the case of a package remove or upgrade when the daemon is not running. Closes bugs 23565, 22384. * push this into frozen since 23565 was quite rightly flagged as important, and the 5.93 bits have been in unstable and working fine for over a month with no version-specific bug reports. -- Bdale Garbee Sun, 3 May 1998 21:14:29 -0600 xntp3 (5.93-1) unstable; urgency=low * new upstream source * apply 5.93->5.93a patch, even though it's not relevant for Linux, since upstream maintainer wants my diffs for Linux relative to 5.93a. -- Bdale Garbee Sun, 3 May 1998 21:14:29 -0600 xntp3 (5.91-9) frozen unstable; urgency=low * fix a conditional in postinst that fails with older versions of shellutils, closes 21988 -- Bdale Garbee Sat, 2 May 1998 01:57:32 -0600 xntp3 (5.91-8) frozen unstable; urgency=medium * finish the changes to make /etc/init.d/xntp3 not be a 'conffile', closes 21117 and 21119. /o\ * clean up a few details in the pre and post scripts, making them a bit more paranoid and better equipped to handle unexpected conditions. * anyone running -7 really wants this version... mark it 'medium' urgency -- Bdale Garbee Tue, 14 Apr 1998 23:24:11 -0600 xntp3 (5.91-7) frozen unstable; urgency=low * add a sleep between stop and start in init fragment to avoid race where old daemon hasn't quite died yet, closes 18703 * fix a typo in the description, closes 18986 * add -9 to gzip call in rules file to close remaining lintian errors -- Bdale Garbee Fri, 10 Apr 1998 00:36:41 -0600 xntp3 (5.91-6) unstable; urgency=low * add update-rc.d call to postrm for /etc/init.d/xntp3 (lintian) * implement new required arguments to /etc/init.d/xntp3 (lintian) * fix for missing __ntp_gettime in libc6 from Herbert Xu. Closes 15362. -- Bdale Garbee Sun, 15 Feb 1998 11:03:16 -0700 xntp3 (5.91-5) unstable; urgency=low * change sequence in postinst to quiet update-rc.d. Closes 17327. -- Bdale Garbee Tue, 27 Jan 1998 14:14:32 -0700 xntp3 (5.91-4) unstable; urgency=low * with inputs from Christian Schwarz and others, do a better job of handling the package copyright policies regarding the xntp3-doc package. -- Bdale Garbee Tue, 27 Jan 1998 13:03:32 -0700 xntp3 (5.91-3) unstable; urgency=low * make xntp3-doc depend on xntp3 to conform with policy regarding copyright files -- Bdale Garbee Mon, 26 Jan 1998 21:29:29 -0700 xntp3 (5.91-2) unstable; urgency=low * clean up rules file using suggestions from Mark Eichin, fixes a small detail when building on other than i386, and moves to latest debhelper calls. Closes 16213. -- Bdale Garbee Sat, 3 Jan 1998 01:48:23 -0700 xntp3 (5.91-1) unstable; urgency=low * new upstream version -- Bdale Garbee Wed, 26 Nov 1997 23:36:22 -0700 xntp3 (5.90-12) unstable; urgency=low * update postinst and postrm to improve daemon handling. Closes bug 15273 * modified rules file to indicate need for debhelper if dh_testdir fails -- Bdale Garbee Wed, 26 Nov 1997 22:47:00 -0700 xntp3 (5.90-11) unstable; urgency=low * reconfigure rules file to use debhelper, closes some bugs * various cosmetic tweaks -- Bdale Garbee Fri, 21 Nov 1997 22:16:48 -0700 xntp3 (5.90-10) unstable; urgency=low * fix a typo in the init.d usage message, closes bug 14999 -- Bdale Garbee Tue, 18 Nov 1997 09:54:27 -0700 xntp3 (5.90-9) unstable; urgency=low * don't have -doc package depend on www-browser, closes bug 12996 -- Bdale Garbee Sun, 21 Sep 1997 17:18:40 -0600 xntp3 (5.90-8) unstable; urgency=low * only do the work in postinst if called to configure, closes bug 12633 -- Bdale Garbee Wed, 10 Sep 1997 12:47:13 -0600 xntp3 (5.90-7) unstable; urgency=low * libc6 * remove log files in postrm if purging, closes bug 12037 * remove config file in postrm if purging, closes bug 12110 * fix typo in cron.weekly that prevents log file rotation, closes bug 12131 -- Bdale Garbee Fri, 5 Sep 1997 00:56:43 -0600 xntp3 (5.90-6) stable unstable; urgency=medium * Fix a security problem in the postinst script. Closes bug 11773. * Explicitly try to stop the daemon before starting it in the postinst, just to make absolutely sure it's not already running. This may quiet the reports of lingering daemons. -- Bdale Garbee Fri, 1 Aug 1997 23:26:35 -0600 xntp3 (5.90-5) unstable; urgency=low * Ensure that needed directories exist. Closes bugs 10242 and 9979. * Ignore ECONNREFUSED from peers that don't have xntpd running. Closes bug 8490. -- Bdale Garbee Sat, 31 May 1997 16:34:47 -0600 xntp3 (5.90-4) unstable; urgency=low * Switch to using start-stop-daemon in the postinst. Fixes bug 9271. -- Bdale Garbee Mon, 12 May 1997 22:08:42 -0600 xntp3 (5.90-3) unstable; urgency=low * Create /usr/doc/xntp3-doc as a symlink to xntp3. Closes bug 6081. * Fix typo in glibc support in ntpdate. -- Bdale Garbee Sat, 26 Apr 1997 23:19:15 -0600 xntp3 (5.90-2) unstable; urgency=low * Fix problem in packaging of doc package. -- Bdale Garbee Sat, 26 Apr 1997 22:18:15 -0600 xntp3 (5.90-1) unstable; urgency=low * New upstream version. * Apply patches for libc6 from Michael Dorman. Closes bug 9078. * Make directory /var/lib/ntp. Closes bug 8783. -- Bdale Garbee Sat, 26 Apr 1997 00:40:29 -0600 xntp3 (5.89-1) unstable; urgency=low * new upstream version * changing package name from xntp to xntp3 to mirror upstream change * ntp.conf no longer treated as conffile, closes bug 2051 * only run cron.weekly fragment if /usr/sbin/xntpd exists, closes bug 5857 * substantial improvement to the postinst script, closes several bugs -- Bdale Garbee Wed, 26 Feb 1997 12:58:45 -0700 xntp (3.5f-4) frozen unstable; urgency=medium * copyright for xntp-doc installed in the wrong place. Fixes bug 5319. * create /var/lib/ntp directory. Fixes bug 5373. -- Bdale Garbee Mon, 4 Nov 1996 02:53:56 -0700 xntp (3.5f-3) unstable; urgency=low * oops. ugly typo in postinst breaks it entirely... -- Bdale Garbee Mon, 4 Nov 1996 02:53:56 -0700 xntp (3.5f-2) unstable; urgency=low * create a stub manpage explaining the xntp-doc package * postinst offers to run ntpdate before xntpd launch. Fixes bug 2982. * improve user instructions echo'd during postinst. Fixes bug 4323. * moved test out of case in init.d script. Fixes bug 4432. * only stop and start daemon in cron if it is running. Fixes bug 4876. -- Bdale Garbee Mon, 4 Nov 1996 00:53:50 -0700 xntp (3.5f-1) unstable; urgency=low * new upstream version 3.5f * xntpd built with MD5, but without DES authentication to avoid export issue. -- Bdale Garbee Sat, 2 Nov 1996 17:18:29 -0800 xntp-3.5c-1: 960328 * Upgraded to latest upsteam version. * Removed Package_Revision from control file. * Removed -m486 compiler option. * Added Architecture field to control file. * Moved documentation into xntp-doc package. * Fixed Bug#2096: xntp-3.4x-2 doesn't test for presence of /usr/sbin * Fixed Bug#2116: xntp cron bug * Fixed Bug#2129: xntp startup should call ntpdate first * Fixed Bug#2250: xntpd log file rotation * Fixed Bug#2363: xntpd fails in 1.3.x kernels xntp-3.4x-2: 951127 * Converted to ELF. * Fixed bug #1656: moved /etc/ntp.drift to /var/lib/ntp/ntp.drift * Fixed bug #1770: xntp works under 1.3.x kernels now. xntp-3.4x-1: 950928 Andrew Howell * Updated to the newest version. * Made cronjob quiet. * Postinst script will now run xntpd if you supply a NTP server. xntp-3.4s-0: * Updated to the newest version. * Fixed cronjob to delete logs older than 7 days, not just the 7th day. Oops :) xntp-3.4r-2: * Fixed permissions on cronjob xntp-3.4r-1: * Added cronjob to cleanup log files once a week. * Added postrm script to remove rcx.d links when purge option given to dpkg. * Fixed postinst script to only prompt user for NTP server once. * Removed default NTP server. xntp-3.4r-0: * added Debian GNU/Linux package maintenance system files Local variables: mode: debian-changelog End: